Updating dependency graph always fails

3

6

I've set my maven.yml to update my project's dependency graph when it builds, but it always fails with this error:

Error: Response body:
{
  "message": "Resource not accessible by integration",
  "documentation_url": "https://docs.github.com/rest/dependency-graph/dependency-submission#create-a-snapshot-of-dependencies-for-a-repository"
}
Error: Resource not accessible by integration
Error: HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/advanced-security/maven-dependency-submission-action/571e99aab1055c2e71a1e2309b9691de18d6b7d6/webpack:/maven-dependency-tree-action/node_modules/@github/dependency-submission-toolkit/dist/index.js:5317:1
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

/home/runner/work/_actions/advanced-security/maven-dependency-submission-action/571e99aab1055c2e71a1e2309b9691de18d6b7d6/webpack:/maven-dependency-tree-action/node_modules/@github/dependency-submission-toolkit/dist/index.js:396
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
^
Error: Failed to submit snapshot: HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/advanced-security/maven-dependency-submission-action/571e99aab1055c2e71a1e2309b9691de18d6b7d6/webpack:/maven-dependency-tree-action/node_modules/@github/dependency-submission-toolkit/dist/index.js:499:1
    at Generator.throw (<anonymous>)
    at rejected (/home/runner/work/_actions/advanced-security/maven-dependency-submission-action/571e99aab1055c2e71a1e2309b9691de18d6b7d6/webpack:/maven-dependency-tree-action/node_modules/@github/dependency-submission-toolkit/dist/index.js:396:1)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

I have a dependabot.yml file included in my .github directory. I'm not exactly sure why this part of the build keeps failing, and have not found a solution on GitHub's official documentation. Any help would be appreciated!

maven.yml:


name: Java CI with Maven

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: graalvm/setup-graalvm@v1
        with:
          java-version: '17.0.7'
          distribution: 'graalvm' # See 'Options' for all available distributions
          github-token: ${{ secrets.GITHUB_TOKEN }}
          cache: 'maven'
          check-for-updates: 'true'
      - name: Build with Maven
        run: mvn -B package --file pom.xml

      # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
      - name: Update dependency graph
        uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
        with:
          github-token: ${{ secrets.YOUR_PERSONAL_ACCESS_TOKEN }}

dependabot.yml:

version: 2
updates:
  - package-ecosystem: "maven" # See documentation for possible values
    directory: "/" # Location of package manifests: pom.xml
    schedule:
      interval: "weekly"
Bartell answered 1/8, 2023 at 22:41 Comment(1)
Did you find a solution in the meantime? - Passing
2

You have to enable the Dependency Graph in the "Code security and analysis" settings. Follow this link for detailed steps.

Asmodeus answered 8/1 at 16:15 Comment(0)
2

In my case I have a public repository and faced the same issue. To solve it I had to give write permissions to the workflow inside the Settings view, as shown in the screenshot below:

NOTE: If you have a private repository, you need to explicitly enable the dependency graph according to the doc.

enter image description here

Halloran answered 25/1 at 13:46 Comment(0)
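
An alternative to switching the repository-wide default to read/write, as an added example that is not part of the original answers: grant `contents: write` only to the job that submits the snapshot, and keep the build job read-only. The separate `dependency-submission` job and the push-only condition are choices made for this example, and it assumes the action falls back to the workflow's default token when no token input is passed.

```yaml
# Added example: least-privilege token permissions for the workflow in the question.
name: Java CI with Maven

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]

# Workflow-wide default: the token may only read repository contents.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: graalvm/setup-graalvm@v1
        with:
          java-version: '17.0.7'
          distribution: 'graalvm'
          cache: 'maven'
      - name: Build with Maven
        run: mvn -B package --file pom.xml

  dependency-submission:
    # Fork pull requests get a read-only token by default, so the
    # submission would fail there; run it only for pushes.
    if: github.event_name == 'push'
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write  # the dependency submission API needs write access to contents
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: graalvm/setup-graalvm@v1
        with:
          java-version: '17.0.7'
          distribution: 'graalvm'
          cache: 'maven'
      - name: Update dependency graph
        uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
```

With this layout the Maven build, which runs third-party plugins, never holds a token that can write to the repository.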
0

Check if you have the repo scope on the PAT, as mentioned in the prerequisites.

Intracranial answered 27/8, 2023 at 17:26 Comment(0)