Ensure organization's webhooks are secured
Webhooks trigger an HTTP request when an action occurs in the platform. Because webhooks are HTTP POST requests, they can be altered in transit if not secured over SSL. Use only secured webhooks to prevent compromise of the webhook and of the registry or web server that accepts the request.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD042
REMEDIATION
SaaS:
- Go to https://github.com/organizations/<YOUR_ORGANIZATION_NAME>/settings/hooks
- Go to 'Webhooks'.
- Click 'Edit' on the desired webhook.
- In 'Payload URL', make sure the URL starts with 'https'; then, under 'SSL verification', mark SSL verification as enabled.
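
To check every webhook in an organization at once rather than opening each one in the UI, the added example below (not part of the original page and not Spectral's rule implementation) applies both checks to a list of hooks in the shape returned by GitHub's `GET /orgs/{org}/hooks` REST endpoint. The sample data and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the response of GitHub's
# GET /orgs/{org}/hooks REST endpoint (all values are made up).
SAMPLE_HOOKS = json.loads("""
[
  {"id": 101, "active": true,
   "config": {"url": "https://ci.example.com/hook", "insecure_ssl": "0"}},
  {"id": 102, "active": true,
   "config": {"url": "http://registry.example.com/notify", "insecure_ssl": "0"}},
  {"id": 103, "active": true,
   "config": {"url": "https://deploy.example.com/gh", "insecure_ssl": "1"}},
  {"id": 104, "active": false,
   "config": {"url": "HTTP://old.example.com/x", "insecure_ssl": 1}}
]
""")


def hook_findings(hook):
    """Return the reasons this webhook is not secured (empty list if OK)."""
    config = hook.get("config") or {}
    findings = []
    # urlsplit normalizes the scheme to lower case, so "HTTP://" is caught too.
    if urlsplit(config.get("url") or "").scheme != "https":
        findings.append("payload URL is not https")
    # insecure_ssl is "0" when the certificate is verified and "1" when
    # verification is skipped; compare as strings to cover numeric forms.
    if str(config.get("insecure_ssl", "0")) != "0":
        findings.append("SSL verification is disabled")
    return findings


def audit_hooks(hooks):
    """Map hook id -> findings for every hook that fails at least one check."""
    report = {}
    for hook in hooks:
        findings = hook_findings(hook)
        if findings:
            report[hook["id"]] = findings
    return report


if __name__ == "__main__":
    for hook_id, findings in audit_hooks(SAMPLE_HOOKS).items():
        print(f"webhook {hook_id}: " + "; ".join(findings))
```

Inactive hooks are reported as well, since re-enabling one restores its insecure settings.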