DOS4035

Restrict Repository Creation to Private - Allow members to create private repositories

DOS4035

GitHub organization critical builtIn

Description

Restricting repository creation in your organization to help prevent sensitive information from being exposed. To protect your organization's data, you can configure permissions for creating repositories in your organization. Members should be able to create private repositories, visible to organization members with permission. Outside collaborators can never create repositories. Learn more: https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization#prevent-data-leaks https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization

Recommendation

1. Go to Organization Settings. 
2. In the 'Access' section of the sidebar, click Member privileges. 
3. Under the 'Repository creation' section. 
4. Ensure the 'Private' setting is enabled.

Policy Rule

{
  "target": "GHOrganization",
  "if": {
    "allOf": [
      {
        "resource": "GHOrganization",
        "property": "MembersAllowedRepositoryCreationType",
        "operator": "equals",
        "value": "private"
      },
      {
        "resource": "GHOrganization",
        "property": "MembersCanCreatePrivateRepositories",
        "operator": "equals",
        "value": true
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS4030 DOS4040 »
Rule Details
  • Rule ID: DOS4035
  • Code: GH_Organization_Policies_Restrict_Repository_Creation_To_Private
  • Platform: GitHub
  • Category: organization
  • Severity: critical
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions