Verify that the organization has an SSH Certificate Authority server

There are two ways for remotely working with Source Code Management: via HTTPS, which requires authentication by user/password, or via SSH, which requires using SSH keys. SSH authentication is better regarding security, key creation, and key distribution.

Risk Level: medium
Platform: Github
Spectral Rule ID: GH-HRD035

REMEDIATION

Add deploy key.

SaaS:

  1. Go to https://github.com/<YOUR_ORGANIZATION_NAME>/<YOUR_REPO_NAME>/settings/keys.
  2. Add the deploy key in the 'Deploy keys' section.

Read more: