Ensure inactive users are reviewed and removed periodically
User accounts that have been inactive for a long time enlarge the attack surface. Inactive users with high-level privileges are of particular concern, as these accounts are more likely to be targeted by attackers. Such inactive users could allow access to large portions of an organization. It is recommended to remove them as soon as possible to prevent this.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD041
REMEDIATION
Set the package to 'Private'.
SaaS:
- Go to https://github.com/<YOUR_ORGANIZATION_NAME>/settings
- Go to the 'Packages permissions' section
- Set 'Package Creation' to 'Private'
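For the periodic review described at the top of this page, the following is an added example (not Spectral's or GitHub's code) that flags organization members with no recent activity and lists administrators first. It assumes a member list with roles and an audit-log export whose events carry `actor` and a millisecond `@timestamp`; the 90-day threshold and all sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not real accounts). MEMBERS mirrors an organization
# member listing with roles; EVENTS mimics an audit-log export in which
# "@timestamp" is milliseconds since the Unix epoch (assumed record layout).
MEMBERS = [
    {"login": "alice", "role": "admin"},
    {"login": "bob", "role": "member"},
    {"login": "carol", "role": "admin"},
    {"login": "dave", "role": "member"},
]

def _ms(y, m, d):
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp() * 1000)

EVENTS = [
    {"actor": "alice", "action": "repo.create", "@timestamp": _ms(2024, 1, 10)},
    {"actor": "bob", "action": "git.push", "@timestamp": _ms(2024, 5, 28)},
    {"actor": "bob", "action": "git.push", "@timestamp": _ms(2024, 2, 1)},
    {"actor": "dave", "action": "team.add_member", "@timestamp": _ms(2023, 11, 3)},
]

def last_activity(events):
    """Map each actor to the datetime of their most recent event."""
    latest = {}
    for ev in events:
        ts = datetime.fromtimestamp(ev["@timestamp"] / 1000, tz=timezone.utc)
        if ev["actor"] not in latest or ts > latest[ev["actor"]]:
            latest[ev["actor"]] = ts
    return latest

def inactive_members(members, events, now, max_idle_days=90):
    """Return members idle longer than max_idle_days, admins first."""
    latest = last_activity(events)
    cutoff = now - timedelta(days=max_idle_days)
    flagged = []
    for m in members:
        seen = latest.get(m["login"])
        # No event at all counts as inactive: idle_days is None for that case.
        if seen is None or seen < cutoff:
            idle = None if seen is None else (now - seen).days
            flagged.append({"login": m["login"], "role": m["role"], "idle_days": idle})
    # Order: admins first, then never-seen accounts, then longest idle.
    flagged.sort(key=lambda f: (f["role"] != "admin",
                                f["idle_days"] is not None, -(f["idle_days"] or 0)))
    return flagged

if __name__ == "__main__":
    print(inactive_members(MEMBERS, EVENTS, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

An audit log only covers its retention window, so an account with no events may simply predate the export; treat `idle_days` of `None` as "review manually" rather than proof of inactivity.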
Updated about 1 year ago