Ensure GitHub repository has vulnerability alerts enabled

Error: GitHub Repository doesn't have vulnerability alerts enabled
Bridgecrew Policy ID: BC_REPO_GITHUB_TF_3
Checkov Check ID: CKV_GIT_3
Severity: LOW

Description

GitHub can scan dependencies for vulnerabilities. To enable this for a repository, it must also be enabled at the owner level. By default, this is enabled for public repos but not for private repos.

Fix - Buildtime

Terraform

  • Resource: github_repository
  • Attribute: vulnerability_alerts
resource "github_repository" "example" {
+  vulnerability_alerts = true
}
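
The same condition can be checked against a rendered plan before apply. The following is an added example, not part of the original page and not Checkov's implementation: it walks the planned_values section of `terraform show -json` output and reports every github_repository whose vulnerability_alerts is not true. The sample plan and repository names are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like the planned_values section of
# `terraform show -json <planfile>`; repository names are made up.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "github_repository.public_site", "type": "github_repository",
     "values": {"name": "public-site", "vulnerability_alerts": true}},
    {"address": "github_repository.internal_api", "type": "github_repository",
     "values": {"name": "internal-api", "visibility": "private"}},
    {"address": "github_branch_default.main", "type": "github_branch_default",
     "values": {"branch": "main"}}],
  "child_modules": [{"address": "module.team", "resources": [
    {"address": "module.team.github_repository.tools", "type": "github_repository",
     "values": {"name": "tools", "vulnerability_alerts": false}}]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def repos_without_alerts(plan):
    """Return addresses of github_repository resources that do not set
    vulnerability_alerts to true. An absent or null value also fails,
    since private repositories do not get alerts by default."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [
        r["address"]
        for r in iter_resources(root)
        if r.get("type") == "github_repository"
        and (r.get("values") or {}).get("vulnerability_alerts") is not True
    ]


if __name__ == "__main__":
    # A CI job would fail the build when this list is non-empty.
    for address in repos_without_alerts(SAMPLE_PLAN):
        print(f"FAIL vulnerability_alerts not enabled: {address}")
```

Repositories declared inside modules are covered because the walk recurses through child_modules.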