Filters

Search Results ()

Search Results ()

    All Plugins (150)

    Quick Info

    Product
    HCL Accelerate
    Type
    plugin
    Compatibility
    HCL Accelerate version 2.4 or later
    Created by
    HCL Software
    Published Date
    April 18th, 2022
    Last Updated
    April 20th, 2022

    Description

    • The GitHub Dependabot plugin scans known GitHub repositories and pulls security alerts into HCL Accelerate. This vulnerability information is available as various metrics and charts in the metrics bar and dashboard. In addition, you can leverage these values in your pipeline for automated gates and deployments.
    • The GitHub Dependabot leverage the existing GitHub plugin to scan and link against known repositories. It is highly recommend that you install and configure the existing GitHub plugin before you install the GitHub Dependabot plugin.
    • GitHub Dependabot Alerts should be enabled for the GitHub repository . Automated pull requests generated by Dependabot will be also visible in the Value Stream .
    • This is a scheduled event plugin and runs on a timed interval. If data ever gets out of sync, please leverage the Last Initial Sync utility.

    Quick Info

    Product
    HCL Accelerate
    Type
    plugin
    Compatibility
    HCL Accelerate version 2.4 or later
    Created by
    HCL Software
    Published Date
    April 18th, 2022
    Last Updated
    April 20th, 2022

    ucv-ext-dependabot:1.0.2.tar

    Uploaded: 18-Apr-2022 08:17

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-dependabot:1.0.2

    Release Notes

  • Syncs with GitHub Plugin to get Dependency Vulnerabilities
  • Show data in metrics bar
  • Show data in insights
  • Used GraphQL queries
  • GitHub Personal access token required
  • Summary

    The GitHub Dependabot plugin imports repository vulnerability data from GitHub server into HCL Accelerate. It scans for existing GitHub integrations and retrieves data only for those particular GitHub repositories . The Plugin works on repository level and imports data for entire repository .

    Compatibility

    This plugin is compatible with HCL Accelerate version 2.4 or later. The plugin works on top of GitHub Plugin so at least one GitHub integration should be already there .

    History

    The following table describes the changes made in each plugin version.

    Plugin history details
    Version Description
    1.0.2 Initial release.

    Usage

    To use the GitHub Dependabot plugin, the plugin must be loaded only if you an existing GitHub integration . The GitHub Dependabot data is imported only if Dependabot alerts are enabled for the repository .

    Integration type

    The GitHub Dependabot plugin supports scheduled event integration which are listed in the following table.

    Scheduled events
    Name Description
    syncDependabotDataEvent Queries the GitHub Dependabot alerts for the repository.

    Integration

    The method to integrate the plugin:

    • Using the user interface

    The tables in the Configuration properties topic describe the properties used to define the integration.

    Using the user interface

    1. From the Plugins page, click Settings > Integrations > Plugins.
    2. Under the Action column for the plugin, click Add Integration.
    3. On the Add Integration page enter values for the fields used to configure the integration and define communication.
    4. Click Save.

    Configuration Properties

    The following tables describe the properties used to configure the integration.

    • The General Configuration Properties table describes configuration properties used by all plugin integrations.
    • The GitHub Dependabot Configuration Properties table describes the GitHub Dependabot configuration properties that define the connection and communications with the GitHub server.

    Some properties might not be displayed in the user interface, to see all properties enable the Show Hidden Properties field.

    General Configuration properties
    Name Description Required Property Name
    Integration Name An assigned name to the value stream. Yes name
    Logging Level The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. No loggingLevel
    HCL Accelerate User Access Key An auto-generated user access key provides credentials for communicating with the HCL Accelerate server. Yes NA

    GitHub Dependabot Plugin Properties
    Name Type Description Required
    Personal Access Token String The token to use to authenticate with the GitHub repository. Yes
    API URL (GraphQL Endpoint Url) String For GitHub Enterprise edition , replace it with Enterprise GraphQL endpoint. Eg – http(s)://[hostname]/api/graphql or use the default value . (Default value :  https://api.github.com/graphql ) Yes
    Repositories Array List of GitHub repositories as comma separated, Use either Repositories field or name field to specify the repositories . No