GitHub organization critical builtIn

Description

Restrict repository creation in your organization to help prevent sensitive information from being exposed. To protect your organization's data, you can configure permissions for creating repositories in your organization. Members should be able to create internal repositories, which are visible to all enterprise members. Outside collaborators can never create repositories.

Learn more:
https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization#prevent-data-leaks
https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization

Recommendation

1. Go to Organization Settings.
2. In the 'Access' section of the sidebar, click Member privileges.
3. Locate the 'Repository creation' section.
4. Ensure the 'Internal' setting is enabled.

Policy Rule

{
  "target": "GHOrganization",
  "if": {
    "allOf": [
      {
        "resource": "GHOrganization",
        "property": "MembersAllowedRepositoryCreationType",
        "operator": "equals",
        "value": "private"
      },
      {
        "resource": "GHOrganization",
        "property": "MembersCanCreateInternalRepositories",
        "operator": "equals",
        "value": true
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
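
The check below is an added example, not part of the policy engine or the original page: it evaluates the rule's "if" block against organization settings and reports which conditions match. It assumes the two rule properties correspond to the fields members_allowed_repository_creation_type and members_can_create_internal_repositories in GitHub's REST response for GET /orgs/{org}; the sample organizations are constructed.

```python
# Added example: evaluate the rule's "if" block against organization settings.
# Assumption: rule properties map to these GitHub REST fields (GET /orgs/{org});
# the policy engine's real mapping is not shown on the page.
PROPERTY_TO_API_FIELD = {
    "MembersAllowedRepositoryCreationType": "members_allowed_repository_creation_type",
    "MembersCanCreateInternalRepositories": "members_can_create_internal_repositories",
}

RULE = {
    "target": "GHOrganization",
    "if": {"allOf": [
        {"resource": "GHOrganization", "property": "MembersAllowedRepositoryCreationType",
         "operator": "equals", "value": "private"},
        {"resource": "GHOrganization", "property": "MembersCanCreateInternalRepositories",
         "operator": "equals", "value": True},
    ]},
    "then": {"effect": "Audit"},
}

# Constructed sample settings, shaped like the REST response fields named above.
SAMPLE_ORGS = {
    "private-plus-internal": {"members_allowed_repository_creation_type": "private",
                              "members_can_create_internal_repositories": True},
    "all-types": {"members_allowed_repository_creation_type": "all",
                  "members_can_create_internal_repositories": True},
    "string-flag": {"members_allowed_repository_creation_type": "private",
                    "members_can_create_internal_repositories": "true"},
    "fields-missing": {},
}

def check_condition(cond, org):
    """Return (matched, observed) for a single 'equals' condition."""
    if cond["operator"] != "equals":
        raise ValueError("unsupported operator: " + cond["operator"])
    observed = org.get(PROPERTY_TO_API_FIELD[cond["property"]])  # None if omitted
    # Compare type as well as value so the string "true" never equals True.
    return type(observed) is type(cond["value"]) and observed == cond["value"], observed

def evaluate(rule, org):
    """Return (all_matched, per-condition details) for the rule's allOf block."""
    details = []
    for cond in rule["if"]["allOf"]:
        matched, observed = check_condition(cond, org)
        details.append({"property": cond["property"], "observed": observed, "matched": matched})
    return all(d["matched"] for d in details), details

if __name__ == "__main__":
    for name, org in SAMPLE_ORGS.items():
        matched, details = evaluate(RULE, org)
        print(name, "matches" if matched else "does not match", details)
```

A condition whose field is absent from the response is reported with an observed value of None rather than being treated as a match.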