Ensure the maximum number of admins per repo is not exceeded
People with admin access to a repository can manage access to the repository. The chance that an attacker compromises a privileged account increases as more users hold admin access.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD004
REMEDIATION
Administration is typically performed by a few people, so membership in the Admin role should be limited to them. The rule is simple: the fewer, the better.
SaaS:
- On GitHub.com, navigate to the main page of the repository.
- Under your repository name, click Settings (wheel icon).
- In the "Access" section of the sidebar, click Collaborators & teams.
- Under "Manage access", find the team or person whose Role you'd like to change, then select the Role drop-down and click a new Role.
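To find repositories that need this remediation, the admin count can be checked from the collaborator list that GitHub's REST API returns for `GET /repos/{owner}/{repo}/collaborators`. The script below is an added example, not Spectral's implementation of GH-HRD004; the limit of 3 and the repository and user names are assumptions, since this page does not state a number.

```python
import json

MAX_ADMINS = 3  # assumed limit; the rule text does not specify one

# Constructed sample: per-repo collaborator lists in the shape returned by
# GET /repos/{owner}/{repo}/collaborators, trimmed to the fields used here.
SAMPLE = json.loads("""
{
  "example-org/payments": [
    {"login": "alice", "permissions": {"admin": true,  "push": true}},
    {"login": "bob",   "permissions": {"admin": true,  "push": true}},
    {"login": "carol", "permissions": {"admin": true,  "push": true}},
    {"login": "Dave",  "permissions": {"admin": true,  "push": true}},
    {"login": "erin",  "permissions": {"admin": false, "push": true}}
  ],
  "example-org/docs": [
    {"login": "alice", "permissions": {"admin": true,  "push": true}},
    {"login": "frank", "permissions": {"admin": true,  "push": true}},
    {"login": "grace"}
  ]
}
""")

def admins(collaborators):
    """Return the sorted, de-duplicated logins that hold admin on the repo.

    Logins are lowercased because GitHub treats them case-insensitively.
    A record without a permissions object is counted as non-admin.
    """
    return sorted({c["login"].lower() for c in collaborators
                   if c.get("permissions", {}).get("admin") is True})

def audit(repos, max_admins=MAX_ADMINS):
    """Map each repo that exceeds the limit to its admin logins."""
    findings = {}
    for repo, collaborators in repos.items():
        logins = admins(collaborators)
        if len(logins) > max_admins:
            findings[repo] = logins
    return findings

if __name__ == "__main__":
    for repo, logins in audit(SAMPLE).items():
        print(f"{repo}: {len(logins)} admins (limit {MAX_ADMINS}): "
              + ", ".join(logins))
```

Each login reported for a flagged repository is a candidate for a lower Role using the steps above.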