Ensure the maximum number of admins per repo is not exceeded

People with admin access to a repository can manage access to the repository. The more users hold admin rights, the greater the chance that an attacker compromises a privileged account.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD004

REMEDIATION

Administration is typically performed by a few people, so membership as Admins should be limited. The rule is simple: the fewer, the better.

SaaS:

  1. On GitHub.com, navigate to the main page of the repository.
  2. Under your repository name, click Settings (wheel icon).
  3. In the "Access" section of the sidebar, click Collaborators & teams.
  4. Under "Manage access", find the team or person whose Role you'd like to change, then select the Role drop-down and click a new Role.

Read more: