Ensure webhooks of the package registry are secured
Webhooks trigger an HTTP request in response to an action made in the platform. Typically, package registries fire webhooks when a package receives an update. Since webhooks are HTTP POST requests, they can be altered in transit if not secured over SSL. Use only secured webhooks to prevent a potential hack and compromise of the webhook and of the registry or web server accepting the request.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD034
REMEDIATION
SaaS:
Go to 'Payload URL' and set the webhook to use the HTTPS protocol. Also set SSL verification to 'enable SSL verification'.
- Go to https://github.com/<YOUR_REPO_NAME>/settings/hooks.
- Go to section 'Payload URL'.
- Set the webhook to use the HTTPS protocol, and set 'SSL verification' to 'enable SSL verification'.
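To check many hooks at once instead of clicking through each one, the following added example (not part of the original rule or the scanner's own code) audits JSON shaped like the response of GitHub's REST endpoint `GET /repos/{owner}/{repo}/hooks`, flagging any hook whose `config.url` is not HTTPS or whose `config.insecure_ssl` is not `0`. The sample hook records and the `audit_hooks` helper name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the response of GET /repos/{owner}/{repo}/hooks.
SAMPLE_HOOKS = json.loads("""
[
  {"id": 1, "active": true,
   "config": {"url": "https://ci.example.com/hook", "content_type": "json", "insecure_ssl": "0"}},
  {"id": 2, "active": true,
   "config": {"url": "http://registry.example.com/notify", "content_type": "json", "insecure_ssl": "0"}},
  {"id": 3, "active": true,
   "config": {"url": "https://pkg.example.com/update", "content_type": "form", "insecure_ssl": "1"}},
  {"id": 4, "active": false,
   "config": {"url": "HTTP://old.example.com/hook", "insecure_ssl": 1}}
]
""")


def audit_hooks(hooks):
    """Return a list of (hook_id, problem) tuples for insecurely configured hooks."""
    findings = []
    for hook in hooks:
        config = hook.get("config", {})
        hook_id = hook.get("id")
        # Payload URL must use HTTPS; urlsplit lower-cases the scheme for us.
        scheme = urlsplit(config.get("url", "")).scheme
        if scheme != "https":
            findings.append((hook_id, f"payload URL scheme is '{scheme or 'missing'}', not https"))
        # insecure_ssl is reported as "0"/"1" (string or number); "0" means certificate
        # verification is enabled. Assumption: a missing value is treated as a finding.
        if str(config.get("insecure_ssl", "")) != "0":
            findings.append((hook_id, "SSL verification is not enabled"))
    return findings


if __name__ == "__main__":
    for hook_id, problem in audit_hooks(SAMPLE_HOOKS):
        print(f"hook {hook_id}: {problem}")
```

Inactive hooks are reported too, since re-enabling one restores the insecure configuration.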