PAT problem on GET /repos/<org>/<repo>/vulnerability-alerts endpoint

[ringods]

Select Topic Area

Question

Body

It seems I do not have permissions reading this endpoint:

Error reading repository vulnerability alerts: 
GET https://api.github.com/repos/pulumiverse/pulumi-esxi-native/vulnerability-alerts: 
403 Resource not accessible by personal access token []

(wrapped for readibility)

I verified the GITHUB_TOKEN env variable is correctly set. Using this env variable I can succesfully perform other calls, even on some private repos.

I am an owner of the pulumiverse organization and the repo was recently moved from a personal account into the organization.

As a Personal Access Token, I have a new Fine Grained Access Token with fairly liberal permissions. When bumping into this problem, I updated the permissions here and there, but without any success.

Can someone tell me which permission I need to set, and to which value for this endpoint to work?

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬