diff --git a/modules/argocd-repo/main.tf b/modules/argocd-repo/main.tf
index 12f2facd3..43a7109d3 100644
--- a/modules/argocd-repo/main.tf
+++ b/modules/argocd-repo/main.tf
@@ -49,7 +49,8 @@ resource "github_repository" "default" {
   description = var.description
   auto_init = true # will create a 'main' branch
-  visibility = "private"
+  visibility = "private"
+  vulnerability_alerts = var.vulnerability_alerts_enabled
 }
 
 resource "github_branch_default" "default" {
@@ -90,6 +91,12 @@ resource "github_branch_protection" "default" {
       join("", data.github_user.automation_user[*].node_id),
     ] : []
   }
+
+  lifecycle {
+    ignore_changes = [
+      restrict_pushes[0].push_allowances
+    ]
+  }
 }
 
 data "github_team" "default" {
diff --git a/modules/argocd-repo/variables.tf b/modules/argocd-repo/variables.tf
index 65b336576..0f4716517 100644
--- a/modules/argocd-repo/variables.tf
+++ b/modules/argocd-repo/variables.tf
@@ -151,6 +151,12 @@ variable "push_restrictions_enabled" {
   default = true
 }
 
+variable "vulnerability_alerts_enabled" {
+  type = bool
+  description = "Enable security alerts for vulnerable dependencies"
+  default = false
+}
+
 variable "slack_notifications_channel" {
   type = string
   default = ""
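Review bot: The new `vulnerability_alerts = var.vulnerability_alerts_enabled` line in the `github_repository` hunk is backed by a variable whose default in the variables.tf hunk is `false`, so every existing caller of this module ends up with dependency vulnerability alerts explicitly disabled on a private repository that holds the ArgoCD deployment sources. A defensive default here would be `default = true`, with callers opting out deliberately; if `false` is kept for compatibility, the variable description should say so, e.g. `description = "Enable GitHub security alerts for vulnerable dependencies. Defaults to false for backward compatibility; set to true for new repositories."`. I believe the provider can only turn this on when alerts are permitted at the organization/owner level, so a sentence noting that prerequisite in the description would save callers an apply-time surprise — worth confirming against the provider docs. The `github_repository` resource starts outside the hunk.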
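Review bot: The added `lifecycle { ignore_changes = [restrict_pushes[0].push_allowances] }` in the `github_branch_protection` hunk means any principal added to or removed from the protected branch's push allowlist outside Terraform is no longer reconciled on the next apply, which quietly weakens the control that `push_restrictions_enabled` exists to enforce. The hunk gives no reason for the ignore; if it works around a perpetual plan diff (for example the provider returning allowances in a different form than the configured node IDs), that should be stated in a comment next to the block, such as `# ignore_changes: <reason> — NOTE: out-of-band edits to push allowances are NOT reverted by Terraform; review the allowlist in GitHub separately.`. It is also worth checking whether a narrower fix (normalizing the configured values so the diff disappears) is possible before accepting permanent drift on an access-control attribute. The `github_branch_protection` resource and its `restrict_pushes` block start outside the hunk.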