Right now it is possible to security alerts and automated security fixes via the API. 

However, it doesn’t actually work in most circumstances for private repositories. This is because private repositories have to have the “Allow GitHub to perform read-only analysis of this repository” option enabled before these API endpoints actually work.

If it isn’t possible to enable this via the API, it would be nice if it could be enabled on an organization level so we could default all repositories to allowing github to do the scans, rather than requiring it on each repository individual (an individual override is fine, but a default would be so nice).

Thank you for being here @tedivm, at this time It’s not possible to do this via the API currently. However, the team is already aware that this would be useful, so it’s something they’re considering adding. I have added your interest in this feature to our internal issue.

We are also very interested in this option! It’d be nice to have an org-wide default, or some way to set it with Probot settings.