From c84f1359de91a445c3643def71841eceba36fb3a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 27 Apr 2026 20:43:58 +0000 Subject: [PATCH 1/7] Initial plan From 35eaa92db2626ce340b969fd23e71db3ee2099f9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 27 Apr 2026 20:48:23 +0000 Subject: [PATCH 2/7] Add archived field and github_repository_vulnerability_alerts resource support Agent-Logs-Url: https://github.com/FociSolutions/github-foundations-modules/sessions/abf03a4e-e87a-40f7-9a8f-2657b18dd4db Co-authored-by: bzarboni1 <99673202+bzarboni1@users.noreply.github.com> --- modules/internal_repository/repository.tf | 1 + modules/internal_repository/variables.tf | 6 ++++++ modules/private_repository/repository.tf | 1 + modules/private_repository/variables.tf | 6 ++++++ modules/public_repository/repository.tf | 1 + modules/public_repository/variables.tf | 6 ++++++ modules/repository_base/repository.tf | 6 ++++++ modules/repository_base/repository.tftest.hcl | 15 +++++++++++++++ modules/repository_base/variables.tf | 6 ++++++ modules/repository_set/repositories.tf | 3 +++ modules/repository_set/variables.tf | 3 +++ 11 files changed, 54 insertions(+) diff --git a/modules/internal_repository/repository.tf b/modules/internal_repository/repository.tf index 1ca7122..c59a21d 100644 --- a/modules/internal_repository/repository.tf +++ b/modules/internal_repository/repository.tf @@ -38,6 +38,7 @@ module "repository_base" { has_vulnerability_alerts = true advance_security = var.advance_security dependabot_security_updates = var.dependabot_security_updates + archived = var.archived codespace_secrets = var.codespace_secrets dependabot_secrets = var.dependabot_secrets diff --git a/modules/internal_repository/variables.tf b/modules/internal_repository/variables.tf index 0bfdeec..086889a 100644 --- a/modules/internal_repository/variables.tf 
+++ b/modules/internal_repository/variables.tf @@ -67,6 +67,12 @@ variable "dependabot_security_updates" { default = true } +variable "archived" { + description = "Specifies if the repository should be archived. Defaults to false." + type = bool + default = false +} + variable "advance_security" { description = "Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed." type = bool diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf index 69f193d..9cccf59 100644 --- a/modules/private_repository/repository.tf +++ b/modules/private_repository/repository.tf @@ -38,6 +38,7 @@ module "repository_base" { has_vulnerability_alerts = true advance_security = var.advance_security dependabot_security_updates = var.dependabot_security_updates + archived = var.archived codespace_secrets = var.codespace_secrets dependabot_secrets = var.dependabot_secrets diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf index 9b32d5e..d4aca44 100644 --- a/modules/private_repository/variables.tf +++ b/modules/private_repository/variables.tf @@ -67,6 +67,12 @@ variable "dependabot_security_updates" { default = true } +variable "archived" { + description = "Specifies if the repository should be archived. Defaults to false." + type = bool + default = false +} + variable "advance_security" { description = "Enables advance security for the repository." type = bool diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf index 105e184..c743d9a 100644 --- a/modules/public_repository/repository.tf +++ b/modules/public_repository/repository.tf 
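Review bot: The `archived` description only says the repository will be archived; it should tell callers what that implies for the rest of the module, because GitHub makes an archived repository read-only while the module keeps managing its default branch, rulesets and secrets, so later changes to those will likely be rejected by the API once the flag is set (worth confirming against the provider). The base module also hard-codes `archive_on_destroy = false`, so an archived repository is still deleted on destroy rather than preserved. Suggested wording: `description = "Archives the repository, making it read-only on GitHub. Apply other repository settings before archiving; set back to false to unarchive. Defaults to false."`. The same description is repeated in the private_repository, public_repository and repository_base variables.tf hunks.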
@@ -34,6 +34,7 @@ module "repository_base" { has_vulnerability_alerts = true advance_security = var.advance_security dependabot_security_updates = var.dependabot_security_updates + archived = var.archived codespace_secrets = var.codespace_secrets dependabot_secrets = var.dependabot_secrets diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf index 6e1cc09..1bfbb65 100644 --- a/modules/public_repository/variables.tf +++ b/modules/public_repository/variables.tf @@ -67,6 +67,12 @@ variable "dependabot_security_updates" { default = true } +variable "archived" { + description = "Specifies if the repository should be archived. Defaults to false." + type = bool + default = false +} + variable "advance_security" { description = "Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed." type = bool diff --git a/modules/repository_base/repository.tf b/modules/repository_base/repository.tf index d24f06b..d70f601 100644 --- a/modules/repository_base/repository.tf +++ b/modules/repository_base/repository.tf @@ -15,6 +15,7 @@ resource "github_repository" "repository" { auto_init = true archive_on_destroy = false + archived = var.archived has_downloads = var.has_downloads has_issues = var.has_issues has_projects = var.has_projects @@ -95,6 +96,11 @@ resource "github_repository_dependabot_security_updates" "automated_security_fix enabled = true } +resource "github_repository_vulnerability_alerts" "vulnerability_alerts" { + count = var.has_vulnerability_alerts ? 1 : 0 + repository = github_repository.repository.name +} + resource "github_branch_default" "default_branch" { repository = github_repository.repository.name branch = var.default_branch diff --git a/modules/repository_base/repository.tftest.hcl b/modules/repository_base/repository.tftest.hcl index 8c77e5b..af7af88 100644 --- a/modules/repository_base/repository.tftest.hcl 
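Review bot: The new `github_repository_vulnerability_alerts` resource in the second hunk of modules/repository_base/repository.tf has no ordering relationship with the `github_repository_dependabot_security_updates` resource, whose own variable description states it only works once vulnerability alerts are enabled; both depend solely on `github_repository.repository`, so Terraform may apply them in parallel and the Dependabot enablement can fail on first apply. Adding `depends_on = [github_repository_vulnerability_alerts.vulnerability_alerts]` to the Dependabot resource makes the order explicit (that resource's header is this hunk's context line and its body lies outside the hunk). Separately, if `github_repository.repository` also sets the provider's `vulnerability_alerts` argument from `var.has_vulnerability_alerts` — not visible here — the two resources would manage the same repository setting and produce a perpetual diff, so only one of them should own it.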
+++ b/modules/repository_base/repository.tftest.hcl @@ -76,6 +76,10 @@ run "repository_test" { condition = github_repository.repository.archive_on_destroy == false error_message = "Repository archive_on_destroy does not match. Expected: false, Actual: ${github_repository.repository.archive_on_destroy}" } + assert { + condition = github_repository.repository.archived == var.archived + error_message = "Repository archived does not match. Expected: ${var.archived}, Actual: ${github_repository.repository.archived}" + } assert { condition = github_repository.repository.has_downloads == var.has_downloads error_message = "Repository has_downloads does not match. Expected: ${var.has_downloads}, Actual: ${github_repository.repository.has_downloads}" @@ -205,6 +209,17 @@ run "automated_security_fixes_test" { } } +run "vulnerability_alerts_test" { + assert { + condition = length(github_repository_vulnerability_alerts.vulnerability_alerts) == 1 + error_message = "Repository vulnerability_alerts count does not match. Expected: 1, Actual: ${length(github_repository_vulnerability_alerts.vulnerability_alerts)}" + } + assert { + condition = github_repository_vulnerability_alerts.vulnerability_alerts[0].repository == var.name + error_message = "Repository vulnerability_alerts repository does not match. Expected: ${var.name}, Actual: ${github_repository_vulnerability_alerts.vulnerability_alerts[0].repository}" + } +} + run "default_branch_test" { assert { condition = github_branch_default.default_branch.repository == var.name diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf index f2185f2..6439d30 100644 --- a/modules/repository_base/variables.tf +++ b/modules/repository_base/variables.tf 
@@ -67,6 +67,12 @@ variable "has_vulnerability_alerts" { default = true } +variable "archived" { + description = "Specifies if the repository should be archived. Defaults to false." + type = bool + default = false +} + variable "topics" { description = "The topics to apply to the repository" type = list(string) diff --git a/modules/repository_set/repositories.tf b/modules/repository_set/repositories.tf index fe148e8..50e3842 100644 --- a/modules/repository_set/repositories.tf +++ b/modules/repository_set/repositories.tf @@ -49,6 +49,7 @@ module "public_repositories" { requires_web_commit_signing = each.value.requires_web_commit_signing rulesets = lookup(local.rulesets_by_public_repository, each.key, {}) pages = each.value.pages + archived = each.value.archived } module "private_repositories" { @@ -85,6 +86,7 @@ module "private_repositories" { requires_web_commit_signing = each.value.requires_web_commit_signing rulesets = lookup(local.rulesets_by_private_repository, each.key, {}) pages = each.value.pages + archived = each.value.archived } module "internal_repositories" { @@ -120,4 +122,5 @@ module "internal_repositories" { requires_web_commit_signing = each.value.requires_web_commit_signing rulesets = lookup(local.rulesets_by_internal_repository, each.key, {}) pages = each.value.pages + archived = each.value.archived } diff --git a/modules/repository_set/variables.tf b/modules/repository_set/variables.tf index 4b151a0..8479158 100644 --- a/modules/repository_set/variables.tf +++ b/modules/repository_set/variables.tf @@ -55,6 +55,7 @@ variable "private_repositories" { build_type = optional(string) cname = optional(string) })) + archived = optional(bool) })) description = "A map of private repositories where the key is the repository name and the value is the configuration" } 
@@ -115,6 +116,7 @@ variable "public_repositories" { build_type = optional(string) cname = optional(string) })) + archived = optional(bool) })) description = "A map of public repositories where the key is the repository name and the value is the configuration" } @@ -175,6 +177,7 @@ variable "internal_repositories" { build_type = optional(string) cname = optional(string) })) + archived = optional(bool) })) description = "A map of internal repositories where the key is the repository name and the value is the configuration" default = {} From 197ea50144d213014e6e63e393db096efe026d3f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 27 Apr 2026 20:59:35 +0000 Subject: [PATCH 3/7] Add dedicated github_repository_vulnerability_alerts variable (default false) to control vulnerability alerts resource Agent-Logs-Url: https://github.com/FociSolutions/github-foundations-modules/sessions/7eae243c-710f-4a41-a123-097d391f3218 Co-authored-by: bzarboni1 <99673202+bzarboni1@users.noreply.github.com> --- modules/internal_repository/repository.tf | 2 ++ modules/internal_repository/variables.tf | 6 ++++++ modules/private_repository/repository.tf | 2 ++ modules/private_repository/variables.tf | 6 ++++++ modules/public_repository/repository.tf | 2 ++ modules/public_repository/variables.tf | 6 ++++++ modules/repository_base/repository.tf | 2 +- modules/repository_base/repository.tftest.hcl | 3 ++- modules/repository_base/variables.tf | 6 ++++++ modules/repository_set/repositories.tf | 3 +++ modules/repository_set/variables.tf | 3 +++ 11 files changed, 39 insertions(+), 2 deletions(-) diff --git a/modules/internal_repository/repository.tf b/modules/internal_repository/repository.tf index c59a21d..400b803 100644 --- a/modules/internal_repository/repository.tf +++ b/modules/internal_repository/repository.tf 
@@ -40,6 +40,8 @@ module "repository_base" { dependabot_security_updates = var.dependabot_security_updates archived = var.archived + github_repository_vulnerability_alerts = var.github_repository_vulnerability_alerts + codespace_secrets = var.codespace_secrets dependabot_secrets = var.dependabot_secrets action_secrets = var.action_secrets diff --git a/modules/internal_repository/variables.tf b/modules/internal_repository/variables.tf index 086889a..2719e69 100644 --- a/modules/internal_repository/variables.tf +++ b/modules/internal_repository/variables.tf @@ -67,6 +67,12 @@ variable "dependabot_security_updates" { default = true } +variable "github_repository_vulnerability_alerts" { + description = "Enables the github_repository_vulnerability_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false." + type = bool + default = false +} + variable "archived" { description = "Specifies if the repository should be archived. Defaults to false." type = bool diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf index 9cccf59..7225e09 100644 --- a/modules/private_repository/repository.tf +++ b/modules/private_repository/repository.tf @@ -40,6 +40,8 @@ module "repository_base" { dependabot_security_updates = var.dependabot_security_updates archived = var.archived + github_repository_vulnerability_alerts = var.github_repository_vulnerability_alerts + codespace_secrets = var.codespace_secrets dependabot_secrets = var.dependabot_secrets action_secrets = var.action_secrets diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf index d4aca44..c5bca8f 100644 --- a/modules/private_repository/variables.tf +++ b/modules/private_repository/variables.tf 
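Review bot: The description of `github_repository_vulnerability_alerts` does not explain how it relates to `has_vulnerability_alerts`, which still exists with the opposite default (`true`), so a caller cannot tell which flag actually turns alerts on or what happens when they disagree. It also does not say that setting the flag back to `false` destroys the resource, which, as far as I know from the provider's delete behaviour (confirm), disables vulnerability alerts on the repository rather than leaving them as they were, and takes `dependabot_security_updates` down with it. Suggest something like `description = "Creates a github_repository_vulnerability_alerts resource that explicitly enables Dependabot vulnerability alerts. Setting it back to false disables alerts on the repository. Must be consistent with has_vulnerability_alerts. Defaults to false."`. The same text is repeated in the private_repository, public_repository and repository_base variables.tf hunks.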
@@ -67,6 +67,12 @@ variable "dependabot_security_updates" { default = true } +variable "github_repository_vulnerability_alerts" { + description = "Enables the github_repository_vulnerability_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false." + type = bool + default = false +} + variable "archived" { description = "Specifies if the repository should be archived. Defaults to false." type = bool diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf index c743d9a..745c9d2 100644 --- a/modules/public_repository/repository.tf +++ b/modules/public_repository/repository.tf @@ -36,6 +36,8 @@ module "repository_base" { dependabot_security_updates = var.dependabot_security_updates archived = var.archived + github_repository_vulnerability_alerts = var.github_repository_vulnerability_alerts + codespace_secrets = var.codespace_secrets dependabot_secrets = var.dependabot_secrets action_secrets = var.action_secrets diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf index 1bfbb65..8aad623 100644 --- a/modules/public_repository/variables.tf +++ b/modules/public_repository/variables.tf @@ -67,6 +67,12 @@ variable "dependabot_security_updates" { default = true } +variable "github_repository_vulnerability_alerts" { + description = "Enables the github_repository_vulnerability_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false." + type = bool + default = false +} + variable "archived" { description = "Specifies if the repository should be archived. Defaults to false." type = bool diff --git a/modules/repository_base/repository.tf b/modules/repository_base/repository.tf index d70f601..6f9b59e 100644 --- a/modules/repository_base/repository.tf +++ b/modules/repository_base/repository.tf 
@@ -97,7 +97,7 @@ resource "github_repository_dependabot_security_updates" "automated_security_fix } resource "github_repository_vulnerability_alerts" "vulnerability_alerts" { - count = var.has_vulnerability_alerts ? 1 : 0 + count = var.github_repository_vulnerability_alerts ? 1 : 0 repository = github_repository.repository.name } diff --git a/modules/repository_base/repository.tftest.hcl b/modules/repository_base/repository.tftest.hcl index af7af88..d21b82b 100644 --- a/modules/repository_base/repository.tftest.hcl +++ b/modules/repository_base/repository.tftest.hcl @@ -9,7 +9,8 @@ variables { has_projects = true has_wiki = true has_discussions = true - has_vulnerability_alerts = true + has_vulnerability_alerts = true + github_repository_vulnerability_alerts = true topics = ["terraform", "github", "foundations"] homepage = "myhomepage" delete_head_on_merge = false diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf index 6439d30..9c6ebe9 100644 --- a/modules/repository_base/variables.tf +++ b/modules/repository_base/variables.tf @@ -67,6 +67,12 @@ variable "has_vulnerability_alerts" { default = true } +variable "github_repository_vulnerability_alerts" { + description = "Enables the github_repository_vulnerability_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false." + type = bool + default = false +} + variable "archived" { description = "Specifies if the repository should be archived. Defaults to false." type = bool diff --git a/modules/repository_set/repositories.tf b/modules/repository_set/repositories.tf index 50e3842..0ad469e 100644 --- a/modules/repository_set/repositories.tf +++ b/modules/repository_set/repositories.tf 
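Review bot: With the count now driven by `var.github_repository_vulnerability_alerts` (default `false`) while `var.has_vulnerability_alerts` keeps its default of `true`, nothing rejects the combination `has_vulnerability_alerts = false` with `github_repository_vulnerability_alerts = true`, in which this resource enables alerts the rest of the module treats as disabled (and, if `github_repository.repository` sets `vulnerability_alerts` from `has_vulnerability_alerts` outside this hunk, each apply would flip the setting back and forth). A `lifecycle { precondition }` on the resource makes the contract explicit and fails the plan instead of drifting. Also note that flipping the flag from `true` to `false` destroys the resource, and the provider's delete disables alerts on the repository (confirm) — a silent security downgrade that the variable description should call out.
```hcl
resource "github_repository_vulnerability_alerts" "vulnerability_alerts" {
  count      = var.github_repository_vulnerability_alerts ? 1 : 0
  repository = github_repository.repository.name

  lifecycle {
    precondition {
      condition     = var.has_vulnerability_alerts
      error_message = "github_repository_vulnerability_alerts requires has_vulnerability_alerts = true."
    }
  }
}
```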
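Review bot: The test variables now set both `has_vulnerability_alerts` and `github_repository_vulnerability_alerts` to `true`, so the `count = 0` branch of the new resource is never exercised and a regression that always (or never) creates it would still pass `vulnerability_alerts_test`. A second run block overriding the variable to `false` and asserting the resource list is empty covers the opt-out path; run-level `variables` merge over the file-level block, so the shared block stays unchanged. The enclosing `variables {}` block starts before this hunk.
```hcl
run "vulnerability_alerts_disabled_test" {
  variables {
    github_repository_vulnerability_alerts = false
  }

  assert {
    condition     = length(github_repository_vulnerability_alerts.vulnerability_alerts) == 0
    error_message = "Repository vulnerability_alerts count does not match. Expected: 0, Actual: ${length(github_repository_vulnerability_alerts.vulnerability_alerts)}"
  }
}
```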
@@ -50,6 +50,7 @@ module "public_repositories" { rulesets = lookup(local.rulesets_by_public_repository, each.key, {}) pages = each.value.pages archived = each.value.archived + github_repository_vulnerability_alerts = each.value.github_repository_vulnerability_alerts } module "private_repositories" { @@ -87,6 +88,7 @@ module "private_repositories" { rulesets = lookup(local.rulesets_by_private_repository, each.key, {}) pages = each.value.pages archived = each.value.archived + github_repository_vulnerability_alerts = each.value.github_repository_vulnerability_alerts } module "internal_repositories" { @@ -123,4 +125,5 @@ module "internal_repositories" { rulesets = lookup(local.rulesets_by_internal_repository, each.key, {}) pages = each.value.pages archived = each.value.archived + github_repository_vulnerability_alerts = each.value.github_repository_vulnerability_alerts } diff --git a/modules/repository_set/variables.tf b/modules/repository_set/variables.tf index 8479158..178418a 100644 --- a/modules/repository_set/variables.tf +++ b/modules/repository_set/variables.tf @@ -56,6 +56,7 @@ variable "private_repositories" { cname = optional(string) })) archived = optional(bool) + github_repository_vulnerability_alerts = optional(bool) })) description = "A map of private repositories where the key is the repository name and the value is the configuration" } @@ -117,6 +118,7 @@ variable "public_repositories" { cname = optional(string) })) archived = optional(bool) + github_repository_vulnerability_alerts = optional(bool) })) description = "A map of public repositories where the key is the repository name and the value is the configuration" } @@ -178,6 +180,7 @@ variable "internal_repositories" { cname = optional(string) })) archived = optional(bool) + github_repository_vulnerability_alerts = optional(bool) })) description = "A map of internal repositories where the key is the repository name and the value is the configuration" default = {} 
From 974e34174d94cc30c54811334f50ad950ff307b4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 27 Apr 2026 21:00:15 +0000 Subject: [PATCH 4/7] Fix alignment of has_vulnerability_alerts in test variables Agent-Logs-Url: https://github.com/FociSolutions/github-foundations-modules/sessions/7eae243c-710f-4a41-a123-097d391f3218 Co-authored-by: bzarboni1 <99673202+bzarboni1@users.noreply.github.com> --- modules/repository_base/repository.tftest.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/repository_base/repository.tftest.hcl b/modules/repository_base/repository.tftest.hcl index d21b82b..493158b 100644 --- a/modules/repository_base/repository.tftest.hcl +++ b/modules/repository_base/repository.tftest.hcl @@ -9,7 +9,7 @@ variables { has_projects = true has_wiki = true has_discussions = true - has_vulnerability_alerts = true + has_vulnerability_alerts = true github_repository_vulnerability_alerts = true topics = ["terraform", "github", "foundations"] homepage = "myhomepage" From 254d4bb3df31085a62f3846b0a782d2caf74beb3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 27 Apr 2026 21:00:50 +0000 Subject: [PATCH 5/7] terraform-docs: automated action --- modules/internal_repository/README.md | 2 ++ modules/private_repository/README.md | 2 ++ modules/public_repository/README.md | 2 ++ modules/repository_base/README.md | 3 +++ modules/repository_set/README.md | 6 +++--- 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/internal_repository/README.md b/modules/internal_repository/README.md index e4b9f31..d0c3c7d 100644 --- a/modules/internal_repository/README.md +++ b/modules/internal_repository/README.md 
@@ -29,6 +29,7 @@ No resources. | [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no | | [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no | | [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no | +| [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no | | [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of GitHub Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no | | [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no | @@ -36,6 +37,7 @@ No resources. | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no | | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | +| [github\_repository\_vulnerability\_alerts](#input\_github\_repository\_vulnerability\_alerts) | Enables the github\_repository\_vulnerability\_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false. | `bool` | `false` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repository has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to apply to the repository | `string` | `null` | no | diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md index 50d1000..0cf4dcd 100644 --- a/modules/private_repository/README.md +++ b/modules/private_repository/README.md 
@@ -29,6 +29,7 @@ No resources. | [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no | | [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no | | [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no | +| [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no | | [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of Github Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no | | [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no | @@ -36,6 +37,7 @@ No resources. | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no | | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | +| [github\_repository\_vulnerability\_alerts](#input\_github\_repository\_vulnerability\_alerts) | Enables the github\_repository\_vulnerability\_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false. | `bool` | `false` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repository has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to use for the repository | `string` | `null` | no | diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md index 8cc90f1..0b50e81 100644 --- a/modules/public_repository/README.md +++ b/modules/public_repository/README.md 
@@ -29,6 +29,7 @@ No resources. | [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no | | [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no | | [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no | +| [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no | | [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of GitHub Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no | | [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no | @@ -36,6 +37,7 @@ No resources. | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no | | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | +| [github\_repository\_vulnerability\_alerts](#input\_github\_repository\_vulnerability\_alerts) | Enables the github\_repository\_vulnerability\_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false. | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to apply to the repository | `string` | `null` | no | | [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no | diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md index 48790d0..d7a5bd3 100644 --- a/modules/repository_base/README.md +++ b/modules/repository_base/README.md 
@@ -32,6 +32,7 @@ | [github_repository_environment.environment](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment) | resource | | [github_repository_environment_deployment_policy.deployment_policy](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment_deployment_policy) | resource | | [github_repository_ruleset.protected_branch_base_rules](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource | +| [github_repository_vulnerability_alerts.vulnerability_alerts](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_vulnerability_alerts) | resource | | [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization_custom_role) | data source | | [github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source | 
@@ -45,6 +46,7 @@
 | [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
 | [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
 | [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
 | [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of Github Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
 | [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
 | [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |
@@ -52,6 +54,7 @@
 | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no |
 | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no |
 | [environments](#input\_environments) | An (Optional) map of environments to create for the repository. The key is the name of the environment and the value is the environment configuration. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no |
+| [github\_repository\_vulnerability\_alerts](#input\_github\_repository\_vulnerability\_alerts) | Enables the github\_repository\_vulnerability\_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false. | `bool` | `false` | no |
 | [has\_discussions](#input\_has\_discussions) | Enables Github Discussions. | `bool` | `true` | no |
 | [has\_downloads](#input\_has\_downloads) | Enables downloads for the repository | `bool` | `false` | no |
 | [has\_issues](#input\_has\_issues) | Enables Github Issues for the repository | `bool` | `true` | no |
diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md
index b49db66..a2240d5 100644
--- a/modules/repository_set/README.md
+++ b/modules/repository_set/README.md
@@ -33,9 +33,9 @@
 |------|-------------|------|---------|:--------:|
 | [default\_repository\_team\_permissions](#input\_default\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have by default for every repository. If an entry exists in `repository_team_permissions_override` for a repository then that will take precedence over this default. Defaults to `{}` giving no team access to the repositories. | `map(string)` | `{}` | no |
 | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repositories has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no |
-| [internal\_repositories](#input\_internal\_repositories) | A map of internal repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
}))
| `{}` | no |
-| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
}))
| n/a | yes |
-| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
}))
| n/a | yes |
+| [internal\_repositories](#input\_internal\_repositories) | A map of internal repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
github_repository_vulnerability_alerts = optional(bool)
}))
| `{}` | no |
+| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
github_repository_vulnerability_alerts = optional(bool)
}))
| n/a | yes |
+| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
github_repository_vulnerability_alerts = optional(bool)
}))
| n/a | yes |
 | [rulesets](#input\_rulesets) | n/a |
map(object({
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admin = optional(object({
always_bypass = optional(bool)
}))
}))
conditions = optional(object({
ref_name = object({
include = list(string)
exclude = list(string)
})
}))
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_deployment_environments = optional(list(string))
})
target = string
enforcement = string
repositories = list(string)
}))
| `{}` | no |
 ## Outputs
From da422ed77cc4e8b0704dd6cb589c6729403ceca8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 27 Apr 2026 21:04:59 +0000
Subject: [PATCH 6/7] Rename github_repository_vulnerability_alerts variable to has_vulnerability_alerts
Agent-Logs-Url: https://github.com/FociSolutions/github-foundations-modules/sessions/ba7b6287-2ba1-4329-a96b-26e665305be1
Co-authored-by: bzarboni1 <99673202+bzarboni1@users.noreply.github.com>
---
 modules/internal_repository/repository.tf | 2 --
 modules/internal_repository/variables.tf | 6 ------
 modules/private_repository/repository.tf | 2 --
 modules/private_repository/variables.tf | 6 ------
 modules/public_repository/repository.tf | 2 --
 modules/public_repository/variables.tf | 6 ------
 modules/repository_base/repository.tf | 2 +-
 modules/repository_base/repository.tftest.hcl | 1 -
 modules/repository_base/variables.tf | 6 ------
 modules/repository_set/repositories.tf | 3 ---
 modules/repository_set/variables.tf | 3 ---
 11 files changed, 1 insertion(+), 38 deletions(-)
diff --git a/modules/internal_repository/repository.tf b/modules/internal_repository/repository.tf
index 400b803..c59a21d 100644
--- a/modules/internal_repository/repository.tf
+++ b/modules/internal_repository/repository.tf
@@ -40,8 +40,6 @@ module "repository_base" {
 dependabot_security_updates = var.dependabot_security_updates
 archived = var.archived
- github_repository_vulnerability_alerts = var.github_repository_vulnerability_alerts
-
 codespace_secrets = var.codespace_secrets
 dependabot_secrets = var.dependabot_secrets
 action_secrets = var.action_secrets
diff --git a/modules/internal_repository/variables.tf b/modules/internal_repository/variables.tf
index 2719e69..086889a 100644
--- a/modules/internal_repository/variables.tf
+++ b/modules/internal_repository/variables.tf
@@ -67,12 +67,6 @@ variable "dependabot_security_updates" {
 default = true
 }
-variable "github_repository_vulnerability_alerts" {
- description = "Enables the github_repository_vulnerability_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false."
- type = bool
- default = false
-}
-
 variable "archived" {
 description = "Specifies if the repository should be archived. Defaults to false."
 type = bool
diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf
index 7225e09..9cccf59 100644
--- a/modules/private_repository/repository.tf
+++ b/modules/private_repository/repository.tf
@@ -40,8 +40,6 @@ module "repository_base" {
 dependabot_security_updates = var.dependabot_security_updates
 archived = var.archived
- github_repository_vulnerability_alerts = var.github_repository_vulnerability_alerts
-
 codespace_secrets = var.codespace_secrets
 dependabot_secrets = var.dependabot_secrets
 action_secrets = var.action_secrets
diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf
index c5bca8f..d4aca44 100644
--- a/modules/private_repository/variables.tf
+++ b/modules/private_repository/variables.tf
@@ -67,12 +67,6 @@ variable "dependabot_security_updates" {
 default = true
 }
-variable "github_repository_vulnerability_alerts" {
- description = "Enables the github_repository_vulnerability_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false."
- type = bool
- default = false
-}
-
 variable "archived" {
 description = "Specifies if the repository should be archived. Defaults to false."
 type = bool
diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf
index 745c9d2..c743d9a 100644
--- a/modules/public_repository/repository.tf
+++ b/modules/public_repository/repository.tf
@@ -36,8 +36,6 @@ module "repository_base" {
 dependabot_security_updates = var.dependabot_security_updates
 archived = var.archived
- github_repository_vulnerability_alerts = var.github_repository_vulnerability_alerts
-
 codespace_secrets = var.codespace_secrets
 dependabot_secrets = var.dependabot_secrets
 action_secrets = var.action_secrets
diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf
index 8aad623..1bfbb65 100644
--- a/modules/public_repository/variables.tf
+++ b/modules/public_repository/variables.tf
@@ -67,12 +67,6 @@ variable "dependabot_security_updates" {
 default = true
 }
-variable "github_repository_vulnerability_alerts" {
- description = "Enables the github_repository_vulnerability_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false."
- type = bool
- default = false
-}
-
 variable "archived" {
 description = "Specifies if the repository should be archived. Defaults to false."
 type = bool
diff --git a/modules/repository_base/repository.tf b/modules/repository_base/repository.tf
index 6f9b59e..d70f601 100644
--- a/modules/repository_base/repository.tf
+++ b/modules/repository_base/repository.tf
@@ -97,7 +97,7 @@ resource "github_repository_dependabot_security_updates" "automated_security_fix
 }
 resource "github_repository_vulnerability_alerts" "vulnerability_alerts" {
- count = var.github_repository_vulnerability_alerts ? 1 : 0
+ count = var.has_vulnerability_alerts ? 1 : 0
 repository = github_repository.repository.name
 }
diff --git a/modules/repository_base/repository.tftest.hcl b/modules/repository_base/repository.tftest.hcl
index 493158b..af7af88 100644
--- a/modules/repository_base/repository.tftest.hcl
+++ b/modules/repository_base/repository.tftest.hcl
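Review bot: Binding `count` to `var.has_vulnerability_alerts` in the `github_repository_vulnerability_alerts` resource turns it from opt-in into on-by-default, because that variable defaults to `true` in modules/repository_base/variables.tf (its hunk is below), so every existing repository_base caller gains a new resource on its next apply; that behaviour change deserves a sentence in the `has_vulnerability_alerts` description. If the `github_repository.repository` resource also sets the provider's `vulnerability_alerts` argument from the same variable (that block is outside this hunk), two resources would manage one GitHub setting and could show perpetual diffs — confirm a single owner. `count = 0` only stops managing the setting, it does not disable alerts, so `has_vulnerability_alerts = false` gives no guarantee; add `# count = 0 leaves the setting unmanaged rather than disabling alerts` above the count line. Since dependabot security updates require alerts to be enabled first (per the `dependabot_security_updates` description in the README hunks), the `github_repository_dependabot_security_updates` resource just above this hunk may need `depends_on = [github_repository_vulnerability_alerts.vulnerability_alerts]` so first-apply ordering is explicit.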
@@ -10,7 +10,6 @@ variables {
 has_wiki = true
 has_discussions = true
 has_vulnerability_alerts = true
- github_repository_vulnerability_alerts = true
 topics = ["terraform", "github", "foundations"]
 homepage = "myhomepage"
 delete_head_on_merge = false
diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf
index 9c6ebe9..6439d30 100644
--- a/modules/repository_base/variables.tf
+++ b/modules/repository_base/variables.tf
@@ -67,12 +67,6 @@ variable "has_vulnerability_alerts" {
 default = true
 }
-variable "github_repository_vulnerability_alerts" {
- description = "Enables the github_repository_vulnerability_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false."
- type = bool
- default = false
-}
-
 variable "archived" {
 description = "Specifies if the repository should be archived. Defaults to false."
 type = bool
diff --git a/modules/repository_set/repositories.tf b/modules/repository_set/repositories.tf
index 0ad469e..50e3842 100644
--- a/modules/repository_set/repositories.tf
+++ b/modules/repository_set/repositories.tf
@@ -50,7 +50,6 @@ module "public_repositories" {
 rulesets = lookup(local.rulesets_by_public_repository, each.key, {})
 pages = each.value.pages
 archived = each.value.archived
- github_repository_vulnerability_alerts = each.value.github_repository_vulnerability_alerts
 }
 module "private_repositories" {
@@ -88,7 +87,6 @@ module "private_repositories" {
 rulesets = lookup(local.rulesets_by_private_repository, each.key, {})
 pages = each.value.pages
 archived = each.value.archived
- github_repository_vulnerability_alerts = each.value.github_repository_vulnerability_alerts
 }
 module "internal_repositories" {
@@ -125,5 +123,4 @@ module "internal_repositories" { rulesets = lookup(local.rulesets_by_internal_repository, each.key, {}) pages = each.value.pages archived = each.value.archived - github_repository_vulnerability_alerts = each.value.github_repository_vulnerability_alerts } diff --git a/modules/repository_set/variables.tf b/modules/repository_set/variables.tf index 178418a..8479158 100644 --- a/modules/repository_set/variables.tf +++ b/modules/repository_set/variables.tf @@ -56,7 +56,6 @@ variable "private_repositories" { cname = optional(string) })) archived = optional(bool) - github_repository_vulnerability_alerts = optional(bool) })) description = "A map of private repositories where the key is the repository name and the value is the configuration" } @@ -118,7 +117,6 @@ variable "public_repositories" { cname = optional(string) })) archived = optional(bool) - github_repository_vulnerability_alerts = optional(bool) })) description = "A map of public repositories where the key is the repository name and the value is the configuration" } @@ -180,7 +178,6 @@ variable "internal_repositories" { cname = optional(string) })) archived = optional(bool) - github_repository_vulnerability_alerts = optional(bool) })) description = "A map of internal repositories where the key is the repository name and the value is the configuration" default = {} From 8ede992292be30c49b133b433b52d5d196e96050 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 27 Apr 2026 21:07:24 +0000 Subject: [PATCH 7/7] terraform-docs: automated action --- modules/internal_repository/README.md | 1 - modules/private_repository/README.md | 1 - modules/public_repository/README.md | 1 - modules/repository_base/README.md | 1 - modules/repository_set/README.md | 6 +++--- 5 files changed, 3 insertions(+), 7 deletions(-) diff --git a/modules/internal_repository/README.md b/modules/internal_repository/README.md index d0c3c7d..2288a29 100644 --- a/modules/internal_repository/README.md 
+++ b/modules/internal_repository/README.md @@ -37,7 +37,6 @@ No resources. | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no | | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | -| [github\_repository\_vulnerability\_alerts](#input\_github\_repository\_vulnerability\_alerts) | Enables the github\_repository\_vulnerability\_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false. | `bool` | `false` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repository has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to apply to the repository | `string` | `null` | no | diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md index 0cf4dcd..5460b7d 100644 --- a/modules/private_repository/README.md +++ b/modules/private_repository/README.md @@ -37,7 +37,6 @@ No resources. | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no | | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | -| [github\_repository\_vulnerability\_alerts](#input\_github\_repository\_vulnerability\_alerts) | Enables the github\_repository\_vulnerability\_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false. | `bool` | `false` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repository has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to use for the repository | `string` | `null` | no | diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md index 0b50e81..09262d2 100644 --- a/modules/public_repository/README.md +++ b/modules/public_repository/README.md @@ -37,7 +37,6 @@ No resources. | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no | | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | -| [github\_repository\_vulnerability\_alerts](#input\_github\_repository\_vulnerability\_alerts) | Enables the github\_repository\_vulnerability\_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false. | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to apply to the repository | `string` | `null` | no | | [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no | diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md index d7a5bd3..27de03c 100644 --- a/modules/repository_base/README.md +++ b/modules/repository_base/README.md @@ -54,7 +54,6 @@ | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no | | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | An (Optional) map of environments to create for the repository. The key is the name of the environment and the value is the environment configuration. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | -| [github\_repository\_vulnerability\_alerts](#input\_github\_repository\_vulnerability\_alerts) | Enables the github\_repository\_vulnerability\_alerts resource which explicitly manages Dependabot vulnerability alert enablement for the repository. Defaults to false. | `bool` | `false` | no | | [has\_discussions](#input\_has\_discussions) | Enables Github Discussions. | `bool` | `true` | no | | [has\_downloads](#input\_has\_downloads) | Enables downloads for the repository | `bool` | `false` | no | | [has\_issues](#input\_has\_issues) | Enables Github Issues for the repository | `bool` | `true` | no | diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md index a2240d5..d015cc8 100644 --- a/modules/repository_set/README.md +++ b/modules/repository_set/README.md @@ -33,9 +33,9 @@ |------|-------------|------|---------|:--------:| | [default\_repository\_team\_permissions](#input\_default\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have by default for every repository. If an entry exists in `repository_team_permissions_override` for a repository then that will take precedence over this default. Defaults to `{}` giving no team access to the repositories. | `map(string)` | `{}` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repositories has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | -| [internal\_repositories](#input\_internal\_repositories) | A map of internal repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
github_repository_vulnerability_alerts = optional(bool)
}))
| `{}` | no | -| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
github_repository_vulnerability_alerts = optional(bool)
}))
| n/a | yes | -| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
github_repository_vulnerability_alerts = optional(bool)
}))
| n/a | yes | +| [internal\_repositories](#input\_internal\_repositories) | A map of internal repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
}))
| `{}` | no | +| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
}))
| n/a | yes | +| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
}))
| n/a | yes | | [rulesets](#input\_rulesets) | n/a |
map(object({
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admin = optional(object({
always_bypass = optional(bool)
}))
}))
conditions = optional(object({
ref_name = object({
include = list(string)
exclude = list(string)
})
}))
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_deployment_environments = optional(list(string))
})
target = string
enforcement = string
repositories = list(string)
}))
| `{}` | no | ## Outputs