Ensure inactive users are reviewed and removed periodically

User accounts that have been inactive for a long time enlarge the attack surface. Inactive users with high-level privileges are of particular concern, as these accounts are more likely to be targeted by attackers. Such inactive users could allow access to large portions of an organization. It is recommended to remove them as soon as possible in order to prevent this.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD041
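
One way to run the periodic review described above, as an added example (not part of the original rule page or the Spectral product). The 90-day threshold, the record fields and the sample members are assumptions constructed for illustration; inactive accounts with the admin role are listed first because the rule singles out high-privilege accounts.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the page gives no threshold; 90 days is an illustrative value.
INACTIVITY_THRESHOLD = timedelta(days=90)

# Constructed sample records (not real data). In practice these would come
# from an organization member export joined with last-activity timestamps.
SAMPLE_MEMBERS = [
    {"login": "alice", "role": "admin", "last_active": "2024-05-30T09:12:00Z"},
    {"login": "bob", "role": "member", "last_active": "2023-11-02T17:40:00Z"},
    {"login": "carol", "role": "admin", "last_active": "2023-08-15T08:00:00Z"},
    {"login": "dave", "role": "member", "last_active": None},  # never active
    {"login": "erin", "role": "member", "last_active": "2024-06-01T12:00:00Z"},
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; None means no recorded activity."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def find_inactive(members, now, threshold=INACTIVITY_THRESHOLD):
    """Return inactive members, admins first, then longest-idle first."""
    findings = []
    for m in members:
        last = parse_ts(m["last_active"])
        idle_days = None if last is None else (now - last).days
        if last is None or now - last > threshold:
            findings.append({"login": m["login"], "role": m["role"], "idle_days": idle_days})

    # Admins sort before members; accounts with no activity sort as most idle.
    def key(f):
        idle = float("inf") if f["idle_days"] is None else f["idle_days"]
        return (f["role"] != "admin", -idle)

    return sorted(findings, key=key)

if __name__ == "__main__":
    review_date = datetime(2024, 6, 10, tzinfo=timezone.utc)  # constructed review date
    for f in find_inactive(SAMPLE_MEMBERS, review_date):
        idle = "never active" if f["idle_days"] is None else f"{f['idle_days']} days idle"
        print(f"{f['role']:<6} {f['login']:<8} {idle}")
```

Accounts with no recorded activity are treated as inactive rather than skipped, so they are not missed by the review.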

REMEDIATION

Set package creation to 'Private'.

SaaS:

  1. Go to https://github.com/<YOUR_ORGANIZATION_NAME>/settings
  2. Go to the 'Packages permissions' section
  3. Set 'Package Creation' to 'Private'
