Skip to main content

There are a lot of Github triggers, but none of them seem to be picking the Security alerts that Dependabot creates. Can someone think of any way to pick these up as a trigger to initiate a zap?

 

 

Hi @Ibon,

It looks like you can set up these Dependabot alerts to notify you via email.  

https://docs.github.com/en/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts

 

You can then potentially set up a new email trigger for your selected inbox, or set up a Zapier email parser and forward it to the parser inbox.  https://zapier.com/blog/email-parser-guide/

 

Hope this helps!


Thank you for your reply!

 

That would work, but

  1. It is not a clean solution, it’s just a workaround that uses more steps and more intermediaries, there should be a github trigger for this the same way there is for a new comment or a new pull request
  2. I don’t want to give Zapier access to reading my email...

 

I guess the answer then is that there is no way of doing this with the Github integration, period?


Hi @Ibon,

It doesn’t look like there is a specific Github trigger for this.  You can make a feature request for this functionality at this address:  https://zapier.com/app/get-help

Alternatively, you could make a custom trigger using the Github API:

https://docs.github.com/en/rest/dependabot/alerts?apiVersion=2022-11-28#about-dependabot-alerts

 

For my workaround, you would not have to give Zapier access to all of your emails.  You would just need to set up an email parser inbox here:  https://zapier.com/features/parser

Then you would set up a rule in your email that would automatically forward a message to this Zapier parser inbox given certain conditions.

For instance, you could have a condition that the subject line needs to have “Dependabot” in it or that it comes from a specific email address.  This way, Zapier is only getting those specific emails about the Dependabot.


@GetUWired There is now a webhook for Dependabot alerts: https://docs.github.com/en/webhooks/webhook-events-and-payloads#dependabot_alert

How can I use that as a Zapier trigger? I can’t see a way to get the fields into the config as the “ping” event just has metadata about the webhook.


Reply