Guides
  1. SCM Policies
  2. GitHub Settings API

Ensure the maximum number of deploy keys per repo is not exceeded

Risk Level: medium
Platform: Github
Spectral Rule ID: GH-HRD005

REMEDIATION

Deploy keys are usually not protected by a passphrase, making the key easily accessible if the server is compromised.
Deploy keys should be limited and be manged with a security responsibility. Use fewer and aggressively limit private key distribution.

SaaS:

  1. On your profile page, click Repositories, then click the name of your repository.
  2. From your repository, click Settings.
  3. In the sidebar, click Deploy Keys.
  4. Be sure any active deploy key is required.

Read more:

Updated 7 months ago