To allow Fletch to retrieve GitHub Dependabot alerts, you need to perform the following actions:
Please note that Fletch can monitor alerts from multiple GitHub Organizations and their repositories but you will need to onboard each organization separately and make sure that Dependabot alerts are enabled for each organization as well.
Step 1. Login to GitHub with Organization Owner credentials to be able to modify the required settings.
Step 2. In the top right corner of GitHub.com, click your profile photo, then click Your organizations.
Step 3. Copy and save the Organization name you want to monitor with Fletch: from the example below it would be fletch-test-org-1. You will need it to complete the onboarding process.
Step 4. Next to the organization you want to monitor with Fletch, click Settings.
Step 5. In the "Security" section of the sidebar, click Code security and analysis.
Step 6. Click Enable all for Dependabot alerts.
Step 7. On the pop-up dialog click Enable Dependabot alerts.
We highly recommend leaving the “Enable by default for new repositories” checked, however it is not required. If this setting is unchecked, new repositories added to this organization will not be monitored by Fletch.
