[FEAT]: Support managing Dependabot malware alerts #3333

@raz-drift

Description

Describe the need

GitHub allows enabling Dependabot malware alerts on a per-repository basis (Settings > Advanced Security > Dependabot malware alerts). This setting controls whether Dependabot flags dependencies that contain known malware, separate from general vulnerability alerts.

Currently there is no Terraform resource or attribute to manage this setting. It can only be toggled through the GitHub UI.

A new resource (similar to github_repository_dependabot_security_updates) would allow teams to enforce this setting via IaC:

```hcl
resource "github_repository_dependabot_malware_alerts" "example" {
  repository = github_repository.my_repo.name
  enabled    = true
}
```

Why this matters

  • Organizations managing security settings as Infrastructure as Code have no way to enforce or detect drift on this setting
  • The GitHub REST API does not expose a per-repository endpoint to read or write malware alert status, so even workarounds using null_resource + API calls are not possible
  • As supply chain attacks targeting dependency managers become more common, malware detection is increasingly important to manage at scale

Workaround

None. The setting can only be managed through the GitHub UI. There is no REST API endpoint to read or write it at the repository level.

SDK Version

N/A

API Version

N/A

Relevant log output

N/A

Code of Conduct

  • I agree to follow this project's Code of Conduct

Labels
  • Status: Blocked (some technical or requirement is blocking the issue)
  • Status: Triage (this is being looked at and prioritized)
  • Type: Feature (new feature or request)