Check for Dependabot Vulnerability Alerts

This is a simple Python action that uses the GitHub GraphQL API to check how many open Dependabot vulnerability alerts are present on a repository.

This can be used to block merges/deployments if there are any outstanding vulnerabilities that need to be resolved first.
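
A sketch of the kind of GraphQL query and severity tally described above, added here as an example and not taken from this action's source. The function names, the injected `fetch` callable and the sample response are assumptions; the tally fails closed when the response carries errors or no alert data, so an unreadable repository is never reported as zero alerts.

```python
import json
import urllib.request

# Open-alert query; field and enum names come from GitHub's public GraphQL schema.
QUERY = """
query($owner: String!, $name: String!, $cursor: String) {
  repository(owner: $owner, name: $name) {
    vulnerabilityAlerts(first: 100, after: $cursor, states: OPEN) {
      pageInfo { hasNextPage endCursor }
      nodes { securityVulnerability { severity } }
    }
  }
}
"""
SEVERITIES = ("critical", "high", "moderate", "low")
# Constructed sample response (not real data), so the tally runs offline.
SAMPLE = {"data": {"repository": {"vulnerabilityAlerts": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [{"securityVulnerability": {"severity": s}} for s in ("HIGH", "LOW", "HIGH")]}}}}


def github_graphql(token, variables):
    """POST one page of the query to GitHub's GraphQL endpoint (needs network access)."""
    payload = json.dumps({"query": QUERY, "variables": variables}).encode()
    req = urllib.request.Request("https://api.github.com/graphql", data=payload,
                                 headers={"Authorization": f"bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def count_open_alerts(owner, name, fetch):
    """Tally open alerts by severity over all pages; fetch(variables) returns one response."""
    counts = dict.fromkeys(SEVERITIES, 0)
    cursor = None
    while True:
        body = fetch({"owner": owner, "name": name, "cursor": cursor})
        repo = (body.get("data") or {}).get("repository")
        # Fail closed: an error or unreadable repository must not look like "0 alerts".
        if body.get("errors") or not repo or repo.get("vulnerabilityAlerts") is None:
            raise RuntimeError(f"cannot read alerts: {body.get('errors')}")
        page = repo["vulnerabilityAlerts"]
        for node in page["nodes"]:
            counts[node["securityVulnerability"]["severity"].lower()] += 1
        if not page["pageInfo"]["hasNextPage"]:
            break
        cursor = page["pageInfo"]["endCursor"]
    counts["total"] = sum(counts[s] for s in SEVERITIES)
    return counts
```

For a live check, pass `lambda v: github_graphql(token, v)` as `fetch`; offline, `lambda v: SAMPLE` exercises the same tally.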


  • GitHub personal access token that has permissions to view vulnerability alerts of a repo. A guide on how to create one can be found here
  • GitHub secret containing your access token.

Example workflow

name: 🚀 Deploy to Prod
on: workflow_dispatch
jobs:
  # The job id "deploy" is arbitrary; any valid id works.
  deploy:
    runs-on: ubuntu-latest
    name: Deployment
    steps:
      # Query open Dependabot alerts; the counts are exposed as step outputs.
      - name: Check Dependabot Alerts
        id: alerts
        uses: spicyparrot/check-dependabot@v1.2.0
        with:
          github_personal_token: ${{ secrets.ACTIONS_ACCESS_TOKEN }}

      # Fail the job, and so skip the deployment, if any alert is open.
      - name: Error Exit
        if: steps.alerts.outputs.total_alerts > 0
        run: echo "::error ::Open Vulnerability Alerts Found" && exit 1
      - name: Deploy
        run: |
          printf "No open vulnerabilities found. Running deployment now..."


| Input | Description |
| --- | --- |
| github_personal_token | A GitHub Access token with access to vulnerability alerts |


| Output | Description |
| --- | --- |
| total_alerts | The total number of open alerts for your repository |
| critical_alerts | Number of open critical alerts |
| high_alerts | Number of open high alerts |
| moderate_alerts | Number of open moderate alerts |
| low_alerts | Number of open low alerts |

GitHub Summary

Using GitHub job summaries, the action now shows a table with the breakdown of alerts in the action summary section.
