Ensure the maximum number of admins per repo is not exceeded

People with admin access to a repository can manage access to that repository. The more users who hold admin rights, the greater the chance that an attacker compromises a privileged account.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRDS004


Administration is typically performed by a few people, so membership in the Admin role should be limited. The rule is simple: the fewer, the better.


  1. On GitHub.com, navigate to the main page of the repository.
  2. Under your repository name, click Settings (wheel icon).
  3. In the 'Access' section of the sidebar, click 'Collaborators & teams'.
  4. Under 'Manage access', find the team or person whose Role you'd like to change, then select the Role drop-down and click a new Role.
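
To find which repositories need this change, the admin count can be checked through the GitHub REST API. The following is an added example, not Spectral's implementation of the rule: it lists collaborators via `GET /repos/{owner}/{repo}/collaborators` and flags a repository whose admin count exceeds a threshold. The threshold `MAX_ADMINS`, the function names and the sample data are assumptions made for illustration.

```python
import json
import urllib.request

MAX_ADMINS = 3  # assumed threshold; the page does not state a number


def fetch_collaborators(owner, repo, token):
    """Page through GET /repos/{owner}/{repo}/collaborators (needs network access)."""
    found, page = [], 1
    while True:
        url = (f"https://api.github.com/repos/{owner}/{repo}/collaborators"
               f"?affiliation=all&per_page=100&page={page}")
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        })
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp)
        if not batch:
            return found
        found.extend(batch)
        page += 1


def audit_admins(collaborators, max_admins=MAX_ADMINS):
    """Return the admin logins and whether the count stays within max_admins."""
    admins = sorted(c["login"] for c in collaborators
                    if c.get("permissions", {}).get("admin"))
    return {"admins": admins, "count": len(admins),
            "compliant": len(admins) <= max_admins}


# Constructed sample in the shape of the collaborators API response (not real users).
SAMPLE = [
    {"login": "alice", "permissions": {"admin": True, "push": True, "pull": True}},
    {"login": "bob", "permissions": {"admin": True, "push": True, "pull": True}},
    {"login": "carol", "permissions": {"admin": False, "push": True, "pull": True}},
    {"login": "dave", "permissions": {"admin": True, "push": True, "pull": True}},
    {"login": "erin", "permissions": {"admin": True, "push": True, "pull": True}},
    {"login": "ci-bot"},  # entry without a permissions object is not counted
]

if __name__ == "__main__":
    result = audit_admins(SAMPLE)
    status = "OK" if result["compliant"] else "TOO MANY ADMINS"
    print(f"{status}: {result['count']} admin(s): {', '.join(result['admins'])}")
```

With `affiliation=all` the API also returns organization owners and users who get admin through a team, so the count reflects everyone who can actually administer the repository, not only direct collaborators.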

Read more: