Feature Request: Resource for managing Dependabot auto-triage rules (org and repo level)

## Description

GitHub provides **Dependabot auto-triage rules** (preset and custom) at both the organization and repository level. These rules allow automatic dismissal of low-impact alerts for development-scoped dependencies and custom auto-dismiss/reopen policies.

Currently, there is **no Terraform resource** to manage these rules. The only way to configure them is through the GitHub UI (Settings > Code security > Dependabot rules).

## Requested Resources

- `github_organization_dependabot_auto_triage_rule` — manage org-level Dependabot auto-triage rules
- `github_repository_dependabot_auto_triage_rule` — manage repo-level Dependabot auto-triage rules

### Example: Enable the GitHub preset rule at org level

```hcl
resource "github_organization_dependabot_auto_triage_rule" "dismiss_low_impact" {
  rule_type = "built_in"
  rule_name = "dismiss-low-impact"
  state     = "enabled"
}
```

### Example: Custom auto-triage rule

```hcl
resource "github_organization_dependabot_auto_triage_rule" "dismiss_dev_deps" {
  rule_type   = "custom"
  name        = "Dismiss dev dependency alerts"
  state       = "enabled"
  target      = "development"
  action      = "dismiss"
  ecosystems  = ["npm", "pip"]
  severities  = ["low", "moderate"]
}
```

## Use Case

Organizations managing GitHub configuration as Infrastructure as Code (IaC) with Terraform need the ability to configure Dependabot rules alongside other org/repo settings. Currently this is a manual UI-only step, which breaks the IaC workflow.

## GitHub UI Reference

The setting is found at: **Organization Settings > Code security and analysis > Dependabot rules**

GitHub presets include:
- **Dismiss low-impact alerts for development-scoped dependencies** (Enabled/Disabled)
- **Dismiss package malware alerts** (Enabled/Disabled)

## API Dependency

This feature likely requires a GitHub REST API endpoint for Dependabot auto-triage rules, which does not appear to exist yet. A prerequisite may be filing a request on the [GitHub public roadmap](https://github.com/github/roadmap).

## References

- [About Dependabot auto-triage rules](https://docs.github.com/en/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)
- [Using GitHub preset rules](https://docs.github.com/en/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature Request: Resource for managing Dependabot auto-triage rules (org and repo level) #3323

Description

Requested Resources

Example: Enable the GitHub preset rule at org level

Example: Custom auto-triage rule

Use Case

GitHub UI Reference

API Dependency

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Feature Request: Resource for managing Dependabot auto-triage rules (org and repo level) #3323

Description

Description

Requested Resources

Example: Enable the GitHub preset rule at org level

Example: Custom auto-triage rule

Use Case

GitHub UI Reference

API Dependency

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions