Ensure strict base permissions are set for repositories
Defining strict base permissions is the best practice in every role-based access control (RBAC) system. If the base permission is high—for example, "Write" permission—every organization member will have "Write" permission to every repository in the organization; this will apply regardless of the specific permissions a user might need, which generally differ between the organization's repositories. The higher the consent, the higher the risk for incidents such as lousy code or data breaches. It is recommended to set the base permissions to the strictest level possible.
Risk Level: high
Platform: Github
Spectral Rule ID: GH-HRD040
REMEDIATION
set 'Base permissions' to 'Read'.
SaaS:
- Go to
https://github.com/organizations/<YOUR_ORGANIZATION_NAME>/settings/member_privileges
. - Go to section 'Member privileges'.
- Set to 'Read' in 'Base permissions'.
Read more:
Updated over 1 year ago