Add vulnerability_alerts attribute for repositories

github/resource_github_repository.go

@@ -130,6 +130,10 @@ func resourceGithubRepository() *schema.Resource {
 					ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[a-z0-9][a-z0-9-]*$`), "must include only lowercase alphanumeric characters or hyphens and cannot start with a hyphen"),
 				},
 			},
+			"vulnerability_alerts": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
 
 			"full_name": {
 				Type:     schema.TypeString,
@@ -284,6 +288,26 @@ func resourceGithubRepositoryCreate(d *schema.ResourceData, meta interface{}) er
 		}
 	}
 
+	var alerts, private bool
+	if a, ok := d.GetOk("vulnerability_alerts"); ok {
+		alerts = a.(bool)
+	}
+	if p, ok := d.GetOk("private"); ok {
+		private = p.(bool)
+	}
+	var createVulnerabilityAlerts func(context.Context, string, string) (*github.Response, error)
+	if private && alerts {
+		createVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts
+	} else if !private && !alerts {
+		createVulnerabilityAlerts = client.Repositories.DisableVulnerabilityAlerts
+	}
+	if createVulnerabilityAlerts != nil {
+		_, err = createVulnerabilityAlerts(ctx, orgName, repoName)
+		if err != nil {
+			return err
+		}
+	}
+
 	return resourceGithubRepositoryUpdate(d, meta)
 }
 
@@ -352,6 +376,12 @@ func resourceGithubRepositoryRead(d *schema.ResourceData, meta interface{}) erro
 		d.Set("template", []interface{}{})
 	}
 
+	vulnerabilityAlerts, _, err := client.Repositories.GetVulnerabilityAlerts(ctx, orgName, repoName)
+	if err != nil {
+		return fmt.Errorf("Error reading repository vulnerability alerts: %v", err)
+	}
+	d.Set("vulnerability_alerts", vulnerabilityAlerts)
+
 	return nil
 }
 
@@ -410,6 +440,18 @@ func resourceGithubRepositoryUpdate(d *schema.ResourceData, meta interface{}) er
 		}
 	}
 
+	if !d.IsNewResource() && d.HasChange("vulnerability_alerts") {
+		updateVulnerabilityAlerts := client.Repositories.DisableVulnerabilityAlerts
+		if vulnerabilityAlerts, ok := d.GetOk("vulnerability_alerts"); ok && vulnerabilityAlerts.(bool) {
+			updateVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts
+		}
+
+		_, err = updateVulnerabilityAlerts(ctx, orgName, repoName)
+		if err != nil {
+			return err
+		}
+	}
+
 	return resourceGithubRepositoryRead(d, meta)
 }
 

website/docs/r/repository.html.markdown

@@ -79,6 +79,8 @@ initial repository creation and create the target branch inside of the repositor
 
 * `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details.
 
+* `vulnerability_alerts` - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. 
+
 ### Template Repositories
 
 `template` supports the following arguments: