# Dependabot Integration

> Import Dependabot vulnerability alerts into Backline

## Overview

GitHub Dependabot automatically scans your repositories for vulnerable dependencies and creates alerts when vulnerabilities are detected. Through Backline's GitHub integration, you can import these Dependabot alerts as SCA (Software Composition Analysis) vulnerabilities, enabling centralized remediation workflows alongside findings from other security scanners.

## What You Can Do

With Dependabot scanning enabled, Backline can:

* Automatically import SCA vulnerabilities from Dependabot alerts
* Track vulnerabilities detected across your GitHub repositories
* Create remediation workflows for imported vulnerabilities
* Deduplicate findings across multiple repositories
* Centralize security vulnerabilities from Dependabot with other scanners in one place

## Prerequisites

Before enabling Dependabot scanning, ensure you have:

* A connected [GitHub integration](/integrations/github) in Backline
* Dependabot Alerts enabled in your GitHub repository settings
* The Backline GitHub App installed with access to the target repositories

## Enabling Dependabot in GitHub

If Dependabot Alerts are not yet enabled for your repositories:

<Steps>
  <Step title="Open Repository Settings">
    In GitHub, navigate to your repository and click **Settings**.
  </Step>

  <Step title="Navigate to Security">
    In the left sidebar, click **Code security and analysis**.
  </Step>

  <Step title="Enable Dependabot Alerts">
    Find **Dependabot alerts** and click **Enable** to activate vulnerability scanning for the repository.
  </Step>
</Steps>

<Note>
  Organization owners can enable Dependabot Alerts for all repositories at the organization level through the organization's security settings.
</Note>

## Enabling Dependabot Scan in Backline

<Steps>
  <Step title="Navigate to Integrations">
    In Backline, go to the Integration Hub from the main menu.
  </Step>

  <Step title="Open GitHub Configuration">
    Find the GitHub integration card and click **Configure** to open the integration details.
  </Step>

  <Step title="Go to Configuration Tab">
    In the integration modal, navigate to the **Configuration** tab.
  </Step>

  <Step title="Enable Dependabot Scan">
    Check the **Enable Dependabot Scan** checkbox to activate Dependabot alert ingestion.
  </Step>
</Steps>

## How It Works

Once enabled, Backline will:

1. **Fetch Alerts**: Periodically scan your GitHub repositories for Dependabot alerts
2. **Filter Relevant Issues**: Import vulnerability alerts that contain CVE information
3. **Map to Repositories**: Associate vulnerabilities with the correct repositories in your Backline workspace
4. **Track Detection Time**: Preserve the original detection timestamp from Dependabot

## Scan Schedule

After enabling Dependabot scanning, Backline automatically schedules periodic scans to fetch new vulnerability alerts. Vulnerabilities are kept up to date with regular synchronization.

<Note>
  The initial scan begins shortly after enabling the feature. You can view imported vulnerabilities in the Vulnerabilities section.
</Note>

## Troubleshooting

### Missing Vulnerabilities

If expected vulnerabilities are not appearing:

* Verify Dependabot Alerts are enabled in your GitHub repository settings
* Ensure the Backline GitHub App has access to the repository
* Check that the **Enable Dependabot Scan** option is checked in the GitHub integration configuration
* Confirm the alert has a CVE identifier; only vulnerabilities with CVE identifiers are imported
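
To find alerts that the CVE-only rule could leave out, the following added example (not Backline's code) sorts Dependabot alert JSON per repository by whether the advisory carries a CVE. It assumes Backline's filter corresponds to the `cve_id` and `identifiers` fields of GitHub's alert object; the sample data and the `cve_ids` and `triage` helpers are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample (placeholder names and IDs), shaped like GET /orgs/{org}/dependabot/alerts.
SAMPLE_ALERTS = json.loads("""[
 {"number": 1, "state": "open", "created_at": "2024-03-01T10:15:00Z",
  "repository": {"full_name": "example-org/api"},
  "dependency": {"package": {"ecosystem": "npm", "name": "pkg-a"}},
  "security_advisory": {"ghsa_id": "GHSA-aaaa-aaaa-aaaa", "cve_id": "CVE-0000-0001",
    "identifiers": [{"type": "GHSA", "value": "GHSA-aaaa-aaaa-aaaa"},
                    {"type": "CVE", "value": "CVE-0000-0001"}]}},
 {"number": 2, "state": "open", "created_at": "2024-03-02T08:00:00Z",
  "repository": {"full_name": "example-org/api"},
  "dependency": {"package": {"ecosystem": "pip", "name": "pkg-b"}},
  "security_advisory": {"ghsa_id": "GHSA-bbbb-bbbb-bbbb", "cve_id": null,
    "identifiers": [{"type": "GHSA", "value": "GHSA-bbbb-bbbb-bbbb"}]}},
 {"number": 7, "state": "open", "created_at": "2024-03-05T12:30:00Z",
  "repository": {"full_name": "example-org/web"},
  "dependency": {"package": {"ecosystem": "npm", "name": "pkg-c"}},
  "security_advisory": {"ghsa_id": "GHSA-cccc-cccc-cccc", "cve_id": null,
    "identifiers": [{"type": "CVE", "value": "CVE-0000-0002"}]}}
]""")

def cve_ids(alert):
    """CVE identifiers on an alert, from cve_id and the identifiers list."""
    adv = alert.get("security_advisory") or {}
    found = [adv["cve_id"]] if adv.get("cve_id") else []
    for ident in adv.get("identifiers") or []:
        value = ident.get("value")
        if ident.get("type") == "CVE" and value and value not in found:
            found.append(value)
    return found

def triage(alerts):
    """Per repository, split alerts into those with a CVE and those without one."""
    report = defaultdict(lambda: {"with_cve": [], "without_cve": []})
    for a in alerts:
        row = {"number": a["number"], "cves": cve_ids(a),
               "package": a["dependency"]["package"]["name"],
               "ghsa": (a.get("security_advisory") or {}).get("ghsa_id"),
               "detected_at": a["created_at"]}  # Dependabot's own detection time
        bucket = "with_cve" if row["cves"] else "without_cve"
        report[a["repository"]["full_name"]][bucket].append(row)
    return dict(report)

if __name__ == "__main__":
    for repo, buckets in triage(SAMPLE_ALERTS).items():
        for row in buckets["without_cve"]:  # assumption: these fail the CVE filter
            print(f"{repo} #{row['number']} {row['package']} {row['ghsa']}: no CVE")
```

Alerts listed under `without_cve` are tracked by GitHub under a GHSA identifier only, so they are the ones to review directly in GitHub.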

### Repositories Not Scanned

If certain repositories are not being scanned:

* Verify the repository is included in the Backline GitHub App installation
* Check that Dependabot Alerts are enabled for that specific repository
* Ensure the repository is not archived or disabled

## Related

<CardGroup cols={2}>
  <Card title="GitHub Integration" icon="github" href="/integrations/github">
    Learn how to connect your GitHub repositories to Backline
  </Card>

  <Card title="Vulnerabilities Overview" icon="shield-halved" href="/get-started/vulnerabilities/overview">
    Understand how Backline manages and prioritizes vulnerabilities
  </Card>
</CardGroup>
