Skip to content

GitHub repository has vulnerability alerts disabled.

Default Severity: high

Explanation

GitHub repository should be set to use vulnerability alerts.

You can do this by setting the vulnerability_alerts attribute to 'true'.

Possible Impact

Known vulnerabilities may not be discovered

Suggested Resolution

Enable vulnerability alerts

Insecure Example

The following example will fail the github-repositories-enable_vulnerability_alerts check.

 resource "github_repository" "bad_example" {
   name        = "example"
   description = "My awesome codebase"

   vulnerability_alerts = false

   template {
     owner = "github"
     repository = "terraform-module-template"
   }
 }

Secure Example

The following example will pass the github-repositories-enable_vulnerability_alerts check.

 resource "github_repository" "good_example" {
   name        = "example"
   description = "My awesome codebase"

   vulnerability_alerts = true

   template {
     owner = "github"
     repository = "terraform-module-template"
   }
 }