Verify that the organization has an SSH Certificate Authority server

There are two ways for remotely working with Source Code Management: via HTTPS, which requires authentication by user/password, or via SSH, which requires using SSH keys. SSH authentication is better regarding security, key creation, and key distribution.

Risk Level: medium
Platform: Github
Spectral Rule ID: GH-HRD035

REMEDIATION

Add deploy key.

SaaS:

Go to https://github.com/<YOUR_ORGANIZATION_NAME>/<YOUR_REPO_NAME>/settings/keys.
Add the deploy key in the 'Deploy keys' section.

Read more:

https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account

Updated about 1 year ago