Ensure the maximum number of admins per repo is not exceeded

People with admin access to a repository can manage access to that repository. The more users who hold admin rights, the greater the chance that an attacker compromises a privileged account.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRDS004

REMEDIATION

Administration is typically performed by a few people, so membership in the Admin role should be limited. The rule is simple: the fewer, the better.

SaaS:

  1. On GitHub.com, navigate to the main page of the repository.
  2. Under your repository name, click Settings (wheel icon).
  3. In the 'Access' section of the sidebar, click 'Collaborators & teams'.
  4. Under 'Manage access', find the team or person whose Role you'd like to change, then select the Role drop-down and click a new Role.

Read more: