Profiles should not alert by default

Based on feedback, our alerts should not have alerts on by default;
disable alerting by default, but allow users to enable it by changing
this to "alerts: on".

profiles/github/dependabot_ghactions.yaml

@@ -6,10 +6,10 @@ name: dependabot-github-actions-github-profile
 display_name: Dependabot for GitHub Actions
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: dependabot_configured
     def:
       package_ecosystem: github-actions
-      schedule_interval: daily
+      schedule_interval: daily

profiles/github/dependabot_go.yaml

@@ -6,11 +6,11 @@ name: dependabot-go-github-profile
 display_name: Dependabot for Go projects
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: dependabot_configured
     def:
       package_ecosystem: gomod
       schedule_interval: daily
-      apply_if_file: go.mod
+      apply_if_file: go.mod

profiles/github/dependabot_npm.yaml

@@ -6,7 +6,7 @@ name: dependabot-npm-docs-github-profile
 display_name: Dependabot for JavaScript projects
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "on"
 repository:
   - type: dependabot_configured

profiles/github/dependabot_pip.yaml

@@ -6,11 +6,11 @@ name: dependabot-pip-github-profile
 display_name: Dependabot for Python projects
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: dependabot_configured
     def:
       package_ecosystem: pip
       schedule_interval: daily
-      apply_if_file: requirements.txt
+      apply_if_file: requirements.txt

profiles/github/dependabot_rust.yaml

@@ -6,7 +6,7 @@ name: dependabot-rust-github-profile
 display_name: Dependabot for Rust projects
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: dependabot_configured

profiles/github/dependencies.yaml

@@ -6,7 +6,7 @@ name: dependencies-github-profile
 display_name: Dependencies Security
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 pull_request:
   - type: pr_vulnerability_check

profiles/github/ghas.yaml

@@ -6,7 +6,7 @@ name: ghas-profile
 display_name: GitHub Advanced Security settings
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: secret_scanning

profiles/github/profile.yaml

@@ -6,7 +6,7 @@ name: acme-github-profile
 display_name: Sample Profile
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: automatic_branch_deletion

profiles/github/repo_security.yaml

@@ -6,7 +6,7 @@ name: repository-github-profile
 display_name: Repository Security
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: secret_scanning

profiles/github/trivy.yaml

@@ -6,8 +6,8 @@ name: trivy-github-profile
 display_name: Trivy action is enabled
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: trivy_action_enabled
-    def: {}
+    def: {}

profiles/github/workflow_security.yaml

@@ -6,7 +6,7 @@ name: workflow-security-github-profile
 display_name: GitHub Actions workflow security
 context:
   provider: github
-alert: "on"
+alert: "off"
 remediate: "off"
 repository:
   - type: actions_check_pinned_tags