This repository was archived by the owner on Apr 15, 2026. It is now read-only.

feat(enterprise): add resource github_enterprise_code_security_configuration #81

@vmvarela

Description

Add full CRUD resource for enterprise-level code security configurations. These are named policy bundles that enable/disable specific security features (Dependabot, GHAS, Secret Scanning, etc.) and can be attached to all repositories matching a scope.

This is the enterprise equivalent of github_organization_code_security_configuration (if it exists) and a more granular alternative to github_enterprise_security_analysis_settings.

go-github v84 API

func (s *EnterpriseService) ListCodeSecurityConfigurations(ctx context.Context, enterprise string, opts *ListEnterpriseCodeSecurityConfigurationOptions) ([]*CodeSecurityConfiguration, *Response, error)
// GET /enterprises/{enterprise}/code-security/configurations

func (s *EnterpriseService) CreateCodeSecurityConfiguration(ctx context.Context, enterprise string, config CodeSecurityConfiguration) (*CodeSecurityConfiguration, *Response, error)
// POST /enterprises/{enterprise}/code-security/configurations

func (s *EnterpriseService) GetCodeSecurityConfiguration(ctx context.Context, enterprise string, configurationID int64) (*CodeSecurityConfiguration, *Response, error)
// GET /enterprises/{enterprise}/code-security/configurations/{configuration_id}

func (s *EnterpriseService) UpdateCodeSecurityConfiguration(ctx context.Context, enterprise string, configurationID int64, config CodeSecurityConfiguration) (*CodeSecurityConfiguration, *Response, error)
// PATCH /enterprises/{enterprise}/code-security/configurations/{configuration_id}

func (s *EnterpriseService) DeleteCodeSecurityConfiguration(ctx context.Context, enterprise string, configurationID int64) (*Response, error)
// DELETE /enterprises/{enterprise}/code-security/configurations/{configuration_id}

func (s *EnterpriseService) AttachCodeSecurityConfigurationToRepositories(ctx context.Context, enterprise string, configurationID int64, scope string) (*Response, error)
// POST /enterprises/{enterprise}/code-security/configurations/{configuration_id}/attach

func (s *EnterpriseService) SetDefaultCodeSecurityConfiguration(ctx context.Context, enterprise string, configurationID int64, defaultForNewRepos string) (*CodeSecurityConfigurationWithDefaultForNewRepos, *Response, error)
// PUT /enterprises/{enterprise}/code-security/configurations/{configuration_id}/defaults

Acceptance Criteria

  • Resource github_enterprise_code_security_configuration with full CRUD
  • Schema: enterprise_slug, name, description, security feature toggles (advanced_security, dependabot_alerts, secret_scanning, etc.), enforcement
  • Optional: attach_scope field to trigger AttachCodeSecurityConfigurationToRepositories
  • Optional: default_for_new_repos field using SetDefaultCodeSecurityConfiguration
  • Data source github_enterprise_code_security_configurations to list configurations
  • Import via enterprise_slug:configuration_id
  • Registered in provider.go
  • Docs

Notes

  • Review resource_github_enterprise_security_analysis_settings.go as it covers overlapping functionality (Enable/Disable security feature)
  • AttachToRepositories is a fire-and-forget action, not tracked in state
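
One way the `enterprise_slug:configuration_id` import ID from the acceptance criteria could be parsed and validated before it is placed in the API path. This is an added example, not code from this repository; `parseImportID`, `configurationPath` and the allowed slug character set are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// slugPattern is an assumption for this example: ASCII letters, digits and
// hyphens only, so a slug can never add path segments to the request URL.
var slugPattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9-]*$`)

// parseImportID (hypothetical helper) splits "enterprise_slug:configuration_id".
func parseImportID(id string) (string, int64, error) {
	// Split on the last colon so extra colons end up in the slug and are rejected there.
	i := strings.LastIndex(id, ":")
	if i < 0 {
		return "", 0, fmt.Errorf("import ID %q: want enterprise_slug:configuration_id", id)
	}
	slug, raw := id[:i], id[i+1:]
	if !slugPattern.MatchString(slug) {
		return "", 0, fmt.Errorf("import ID %q: invalid enterprise slug", id)
	}
	cfgID, err := strconv.ParseInt(raw, 10, 64)
	if err != nil || cfgID <= 0 {
		return "", 0, fmt.Errorf("import ID %q: configuration_id must be a positive integer", id)
	}
	return slug, cfgID, nil
}

// configurationPath (hypothetical helper) builds the GET path quoted in the issue.
func configurationPath(slug string, cfgID int64) string {
	return fmt.Sprintf("/enterprises/%s/code-security/configurations/%d", slug, cfgID)
}

func main() {
	// Constructed sample IDs, not real enterprises or configurations.
	samples := []string{"acme-corp:42", "acme/../orgs/x:42", "acme-corp:", "acme-corp:-7", "42"}
	for _, id := range samples {
		slug, cfgID, err := parseImportID(id)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("ok:", configurationPath(slug, cfgID))
	}
}
```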
