Ensure packages' organization has no public visibility

A repository-scoped package inherits the permissions and visibility of the repository that owns the package

Risk Level: medium
Platform: Github
Spectral Rule ID: GH-HRD043

REMEDIATION

in 'Packages permissions' set 'Package Creation' to 'Private'.

SaaS:

Go to https://github.com/organizations/<YOUR_ORGANIZATION_NAME>/settings/packages.
Go to 'Packages permissions'.
set 'Package Creation' to 'Private'.

Read more:

https://docs.github.com/en/packages/learn-github-packages/about-permissions-for-github-packages

Updated almost 2 years ago