Ensure organization's webhooks are secured
Webhooks are used for triggering an HTTP request based on an action made in the platform. Since webhooks are an HTTP POST requests, they can be malformed if not secured over SSL. Use only secured webhooks to prevent a potential hack and compromise of the webhook and the registry or web server accepting the request.
Risk Level: medium
Platform: Github
Spectral Rule ID: GH-HRD042
REMEDIATION
SaaS:
- Go to
https://github.com/organizations/<YOUR_ORGANIZATION_NAME>/settings/hooks
- Go to 'Webhooks'.
- Click 'Edit' on the desirable webhook.
- In the 'Payload URL' add 'https' after that in 'SSL verification' mark 'SSL verification'
Read more:
Updated over 1 year ago