Ensure webhooks of the package registry are secured

Webhooks trigger an HTTP request when an action occurs on the platform. Package registries typically offer webhooks that fire when a package receives an update. Because webhook deliveries are HTTP POST requests, they can be malformed (altered in transit) if they are not secured over SSL. Use only secured webhooks to prevent a potential hack and compromise of the webhook and of the registry or web server accepting the request.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD034

REMEDIATION

SaaS:

Go to 'Payload URL' and set the webhook to use the HTTPS protocol. Also set 'SSL verification' to 'enable SSL verification'.

  1. Go to https://github.com/<YOUR_REPO_NAME>/settings/hooks.
  2. Go to the 'Payload URL' section.
  3. Set the webhook to use the HTTPS protocol, and set 'SSL verification' to 'enable SSL verification'.
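
The same two settings can be audited from the API rather than the settings page. The following is an added example, not part of the original rule or of any vendor tooling; it assumes hook objects shaped like the response of GitHub's REST endpoint GET /repos/{owner}/{repo}/hooks, and the sample data and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the response of
# GET /repos/{owner}/{repo}/hooks; hosts and ids are made up.
SAMPLE_HOOKS = json.loads("""
[
  {"id": 1, "active": true,
   "config": {"url": "https://registry.example.com/hook", "insecure_ssl": "0"}},
  {"id": 2, "active": true,
   "config": {"url": "http://registry.example.com/hook", "insecure_ssl": "0"}},
  {"id": 3, "active": true,
   "config": {"url": "https://builds.example.com/notify", "insecure_ssl": "1"}},
  {"id": 4, "active": false,
   "config": {"url": "https://mirror.example.com/hook"}}
]
""")


def audit_hook(hook):
    """Return the list of findings for one webhook object."""
    config = hook.get("config") or {}
    findings = []
    # Step 3 of the remediation: the payload URL must use HTTPS.
    scheme = urlsplit(config.get("url", "")).scheme.lower()
    if scheme != "https":
        findings.append("payload URL does not use HTTPS")
    # insecure_ssl is "0" (verify) or "1" (skip verification); it can also
    # arrive as a number, so normalise it. A missing key means the default, 0.
    if str(config.get("insecure_ssl", "0")) != "0":
        findings.append("SSL verification is disabled")
    return findings


def audit_hooks(hooks):
    """Map hook id -> findings, only for hooks with at least one finding."""
    report = {}
    for hook in hooks:
        findings = audit_hook(hook)
        if findings:
            report[hook["id"]] = findings
    return report


if __name__ == "__main__":
    for hook_id, findings in audit_hooks(SAMPLE_HOOKS).items():
        print(f"hook {hook_id}: " + "; ".join(findings))
```

Inactive hooks are checked as well, since re-enabling one restores its stored configuration.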
