Description
Add full CRUD resource for enterprise-level code security configurations. These are named policy bundles that enable/disable specific security features (Dependabot, GHAS, Secret Scanning, etc.) and can be attached to all repositories matching a scope.
This is the enterprise equivalent of github_organization_code_security_configuration (if it exists) and a more granular alternative to github_enterprise_security_analysis_settings.
go-github v84 API
func (s *EnterpriseService) ListCodeSecurityConfigurations(ctx context.Context, enterprise string, opts *ListEnterpriseCodeSecurityConfigurationOptions) ([]*CodeSecurityConfiguration, *Response, error)
// GET /enterprises/{enterprise}/code-security/configurations
func (s *EnterpriseService) CreateCodeSecurityConfiguration(ctx context.Context, enterprise string, config CodeSecurityConfiguration) (*CodeSecurityConfiguration, *Response, error)
// POST /enterprises/{enterprise}/code-security/configurations
func (s *EnterpriseService) GetCodeSecurityConfiguration(ctx context.Context, enterprise string, configurationID int64) (*CodeSecurityConfiguration, *Response, error)
// GET /enterprises/{enterprise}/code-security/configurations/{configuration_id}
func (s *EnterpriseService) UpdateCodeSecurityConfiguration(ctx context.Context, enterprise string, configurationID int64, config CodeSecurityConfiguration) (*CodeSecurityConfiguration, *Response, error)
// PATCH /enterprises/{enterprise}/code-security/configurations/{configuration_id}
func (s *EnterpriseService) DeleteCodeSecurityConfiguration(ctx context.Context, enterprise string, configurationID int64) (*Response, error)
// DELETE /enterprises/{enterprise}/code-security/configurations/{configuration_id}
func (s *EnterpriseService) AttachCodeSecurityConfigurationToRepositories(ctx context.Context, enterprise string, configurationID int64, scope string) (*Response, error)
// POST /enterprises/{enterprise}/code-security/configurations/{configuration_id}/attach
func (s *EnterpriseService) SetDefaultCodeSecurityConfiguration(ctx context.Context, enterprise string, configurationID int64, defaultForNewRepos string) (*CodeSecurityConfigurationWithDefaultForNewRepos, *Response, error)
// PUT /enterprises/{enterprise}/code-security/configurations/{configuration_id}/defaults
Acceptance Criteria
Notes
- Review
resource_github_enterprise_security_analysis_settings.go as it covers overlapping functionality (Enable/Disable security feature)
AttachToRepositories is a fire-and-forget action, not tracked in state
Description
Add full CRUD resource for enterprise-level code security configurations. These are named policy bundles that enable/disable specific security features (Dependabot, GHAS, Secret Scanning, etc.) and can be attached to all repositories matching a scope.
This is the enterprise equivalent of
github_organization_code_security_configuration(if it exists) and a more granular alternative togithub_enterprise_security_analysis_settings.go-github v84 API
Acceptance Criteria
github_enterprise_code_security_configurationwith full CRUDenterprise_slug,name,description, security feature toggles (advanced_security, dependabot_alerts, secret_scanning, etc.),enforcementattach_scopefield to triggerAttachCodeSecurityConfigurationToRepositoriesdefault_for_new_reposfield usingSetDefaultCodeSecurityConfigurationgithub_enterprise_code_security_configurationsto list configurationsenterprise_slug:configuration_idprovider.goNotes
resource_github_enterprise_security_analysis_settings.goas it covers overlapping functionality (Enable/Disable security feature)AttachToRepositoriesis a fire-and-forget action, not tracked in state