Ensure the maximum number of admins per repo is not exceeded
People with admin access to a repository can manage access to the repository. The more users who hold admin access, the greater the chance that an attacker compromises a privileged account.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRDS004
REMEDIATION
Administration is typically performed by a few people, so membership in the Admin role should be limited. The rule is simple: the fewer, the better.
SaaS:
- On GitHub.com, navigate to the main page of the repository.
- Under your repository name, click Settings (wheel icon).
- In the 'Access' section of the sidebar, click 'Collaborators & teams'.
- Under 'Manage access', find the team or person whose Role you'd like to change, then select the Role drop-down and click a new Role.
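To check the admin count before changing roles, the following added example (not part of the original page and not Spectral's rule implementation) audits a repository through GitHub's REST collaborators endpoint. The `MAX_ADMINS` threshold, the `GITHUB_TOKEN` variable name and the sample users are assumptions; the page does not state a specific limit.

```python
import json
import os
import sys
import urllib.request

MAX_ADMINS = 3  # assumed threshold; the page does not give a number


def fetch_admins(owner, repo, token):
    """Fetch collaborators filtered to admin permission, following pagination."""
    found, page = [], 1
    while True:
        url = (f"https://api.github.com/repos/{owner}/{repo}/collaborators"
               f"?permission=admin&per_page=100&page={page}")
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            batch = json.load(resp)
        found.extend(batch)
        if len(batch) < 100:
            return found
        page += 1


def audit_admins(collaborators, max_admins=MAX_ADMINS):
    """Return (compliant, admin_logins) for a collaborators API response."""
    admins = sorted(c["login"] for c in collaborators
                    if c.get("permissions", {}).get("admin"))
    return len(admins) <= max_admins, admins


# Constructed sample in the shape of the collaborators response (not real users).
SAMPLE = [
    {"login": "alice", "permissions": {"admin": True, "push": True}},
    {"login": "bob", "permissions": {"admin": True, "push": True}},
    {"login": "carol", "permissions": {"admin": False, "push": True}},
    {"login": "dave", "permissions": {"admin": True, "push": True}},
    {"login": "erin", "permissions": {"admin": True, "push": True}},
]

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    if token and len(sys.argv) == 3:  # usage: script.py OWNER REPO
        data = fetch_admins(sys.argv[1], sys.argv[2], token)
    else:
        data = SAMPLE  # offline run on the constructed sample
    ok, admins = audit_admins(data)
    print(f"{len(admins)} admin(s): {', '.join(admins)}")
    sys.exit(0 if ok else 1)
```

The endpoint's default affiliation covers direct collaborators, team members and organization owners, so the count includes admins who inherit the role through a team or through organization ownership, not only those listed individually.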
Updated about 1 year ago