@@ -69,7 +69,7 @@ func GetDependabotAlert(t translations.TranslationHelperFunc) inventory.ServerTo
6969 alert , resp , err := client .Dependabot .GetRepoAlert (ctx , owner , repo , alertNumber )
7070 if err != nil {
7171 return ghErrors .NewGitHubAPIErrorResponse (ctx ,
72- fmt .Sprintf ("failed to get alert with number '%d'" , alertNumber ),
72+ dependabotErrMsg ( fmt .Sprintf ("failed to get alert with number '%d'" , alertNumber ), owner , repo , resp ),
7373 resp ,
7474 err ,
7575 ), nil , nil
@@ -160,7 +160,7 @@ func ListDependabotAlerts(t translations.TranslationHelperFunc) inventory.Server
160160 })
161161 if err != nil {
162162 return ghErrors .NewGitHubAPIErrorResponse (ctx ,
163- fmt .Sprintf ("failed to list alerts for repository '%s/%s'" , owner , repo ),
163+ dependabotErrMsg ( fmt .Sprintf ("failed to list alerts for repository '%s/%s'" , owner , repo ), owner , repo , resp ),
164164 resp ,
165165 err ,
166166 ), nil , nil
@@ -184,3 +184,16 @@ func ListDependabotAlerts(t translations.TranslationHelperFunc) inventory.Server
184184 },
185185 )
186186}
187+
188+ // dependabotErrMsg enhances error messages for dependabot API failures by
189+ // appending a hint about token permissions when the response indicates
190+ // the token may lack access to the repository (403 or 404).
191+ func dependabotErrMsg (base , owner , repo string , resp * github.Response ) string {
192+ if resp != nil && (resp .StatusCode == http .StatusForbidden || resp .StatusCode == http .StatusNotFound ) {
193+ return fmt .Sprintf ("%s. Your token may not have access to Dependabot alerts on %s/%s. " +
194+ "To access Dependabot alerts, the token needs the 'security_events' scope or, for fine-grained tokens, " +
195+ "Dependabot alerts read permission for this specific repository." ,
196+ base , owner , repo )
197+ }
198+ return base
199+ }
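Review bot: `dependabotErrMsg` treats every 403 and 404 as a token-permission signal, but for the `GetRepoAlert` call in the first hunk a 404 is presumably also what a wrong alert number or a mistyped repository returns, and a 403 can have causes other than scope (rate limiting or SSO enforcement, for example). In those cases the hint steers the caller toward widening token permissions when the token is not the problem, which works against least privilege. I would make the condition explicit in the message, e.g. `"%s. If %s/%s and the alert exist, your token may not have access to Dependabot alerts. "`, keeping the existing scope guidance after it. The doc comment should also say that the hint is a heuristic, e.g. `// The hint is a heuristic: a 403/404 can also mean a missing alert or repository.` A small table test over nil, 403, 404 and 500 responses would pin the behaviour.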