Ensure strict base permissions are set for repositories

Defining strict base permissions is a best practice in every role-based access control (RBAC) system. If the base permission is high, for example "Write", every organization member gets "Write" access to every repository in the organization, regardless of what that member actually needs, which usually differs from repository to repository. The broader the default permission, the greater the risk of incidents such as low-quality code being pushed or data breaches. It is recommended to set the base permission to the strictest level possible.

Risk Level: high
Platform: Github
Spectral Rule ID: GH-HRD040

REMEDIATION

Set 'Base permissions' to 'Read'.

SaaS:

  1. Go to https://github.com/organizations/<YOUR_ORGANIZATION_NAME>/settings/member_privileges.
  2. Go to section 'Member privileges'.
  3. Set to 'Read' in 'Base permissions'.

Read more: