Ensure repository creation is limited to specific members
Restricting repository creation to trusted users and teams is recommended: it keeps the organization properly structured, reduces the number of repositories to track, prevents impersonation, and avoids overloading the version control system. With fewer repositories to track, administrators can follow and manage source code more easily.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD037
REMEDIATION
Change 'Member privileges - Repository creation' to 'Private'.
SaaS:
- Go to https://github.com/<YOUR_ORGANIZATION_NAME>/<YOUR_REPO_NAME>/settings/member_privileges.
- Go to section 'Member privileges'.
- Set 'Repository creation' to 'Private'.
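One way to verify the setting from the API instead of the UI, as an added example (not Spectral's rule implementation): the check reads the repository-creation fields that GitHub's `GET /orgs/{org}` REST endpoint returns to organization owners. The sample responses and the function name `check_repo_creation` are constructed for illustration, and treating "creation disabled for all members" as passing is an assumption.

```python
# Constructed sample bodies of GET /orgs/{org}, trimmed to the relevant fields.
SAMPLES = {
    "open": {"login": "example-org",
             "members_can_create_repositories": True,
             "members_can_create_public_repositories": True,
             "members_can_create_private_repositories": True},
    "private_only": {"login": "example-org",
                     "members_can_create_repositories": True,
                     "members_can_create_public_repositories": False,
                     "members_can_create_private_repositories": True},
    # Older-style response carrying only the combined string field.
    "legacy_all": {"login": "example-org",
                   "members_can_create_repositories": True,
                   "members_allowed_repository_creation_type": "all"},
    "disabled": {"login": "example-org",
                 "members_can_create_repositories": False},
    # Assumption: the token does not belong to an owner, so fields are absent.
    "not_owner": {"login": "example-org"},
}


def check_repo_creation(org):
    """Return (status, detail); status is 'pass', 'fail' or 'unknown'."""
    name = org.get("login", "<unknown>")
    allowed = org.get("members_can_create_repositories")
    public = org.get("members_can_create_public_repositories")
    legacy = org.get("members_allowed_repository_creation_type")

    if allowed is False or legacy == "none":
        return "pass", f"{name}: members cannot create repositories"
    if public is None and legacy is None:
        # Never report 'pass' on missing data: the setting could not be read.
        return "unknown", f"{name}: settings not returned, query as an owner"
    if public is None:
        public = legacy == "all"  # fall back to the combined field
    if public:
        return "fail", f"{name}: members can create public repositories"
    return "pass", f"{name}: member repository creation is limited to private"


if __name__ == "__main__":
    for label, body in SAMPLES.items():
        status, detail = check_repo_creation(body)
        print(f"{label:13} {status:8} {detail}")
```
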
Read more:
- https://docs.github.com/en/get-started/learning-about-github/access-permissions-on-github
- https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-new-repository
- https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository
Updated about 1 year ago