Ensure GitHub repository has vulnerability alerts enabled
Error: GitHub Repository doesn't have vulnerability alerts enabled
Bridgecrew Policy ID: BC_REPO_GITHUB_TF_3
Checkov Check ID: CKV_GIT_3
Severity: LOW
Description
GitHub can scan a repository's dependencies for vulnerabilities. For this to work, the feature must also be enabled at the owner level. By default, it is enabled for public repos but not for private repos.
Fix - Buildtime
Terraform
- Resource: github_repository
- Attribute: vulnerability_alerts
resource "github_repository" "example" {
+ vulnerability_alerts = true
}
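One way to check this setting before apply, as an added example that is not Checkov's or Bridgecrew's own code: the function walks the JSON produced by `terraform show -json` for a saved plan and lists every github_repository whose vulnerability_alerts is not explicitly true. The plan below is constructed sample data, and the resource and module names in it are hypothetical.

```python
# Constructed sample in the shape of `terraform show -json <planfile>` output.
# All resource and module names are hypothetical.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "github_repository.api", "type": "github_repository",
             "values": {"name": "api", "visibility": "private",
                        "vulnerability_alerts": False}},
            {"address": "github_repository.web", "type": "github_repository",
             "values": {"name": "web", "visibility": "private",
                        "vulnerability_alerts": True}},
            {"address": "github_team.dev", "type": "github_team",
             "values": {"name": "dev"}},
        ],
        "child_modules": [{
            "address": "module.docs",
            "resources": [
                {"address": "module.docs.github_repository.site",
                 "type": "github_repository",
                 "values": {"name": "site", "visibility": "private",
                            "vulnerability_alerts": None}},
            ],
        }],
    }},
}

def iter_resources(module):
    """Yield the resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def repos_without_alerts(plan):
    """Return (address, visibility) for each repository not set to alerts = true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "github_repository":
            continue
        values = res.get("values") or {}
        # Only an explicit true passes; false, null and a missing key are reported.
        if values.get("vulnerability_alerts") is not True:
            findings.append((res.get("address"), values.get("visibility")))
    return findings

if __name__ == "__main__":
    for address, visibility in repos_without_alerts(SAMPLE_PLAN):
        print(f"{address} ({visibility}): vulnerability_alerts is not true")
```

The visibility is returned with each finding so that private repositories, where the alerts are not on by default, can be triaged first.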
Updated 10 months ago