DOS4040

Restrict GitHub Pages Creation - Disallow members to publish sites

DOS4040

GitHub organization high builtIn

Description

Restrict pages creation in your organization to help prevent sensitive information from being exposed. To protect your organization's data, you can configure permissions for creating pages in your organization. Members should not be able to create public sites, visible to anyone. Members should not be able to create private sites, visible to anyone with permission. Learn more: https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

Recommendation

1. Go to Organization Settings. 
2. In the 'Access' section of the sidebar, click Member privileges. 
3. Under the 'Pages creation' section. 
4. Ensure the 'Public' and 'Private' settings are disabled.

Policy Rule

{
  "target": "GHOrganization",
  "if": {
    "allOf": [
      {
        "resource": "GHOrganization",
        "property": "MembersCanCreatePages",
        "operator": "equals",
        "value": false
      },
      {
        "resource": "GHOrganization",
        "property": "MembersCanCreatePublicPages",
        "operator": "equals",
        "value": false
      },
      {
        "resource": "GHOrganization",
        "property": "MembersCanCreatePrivatePages",
        "operator": "equals",
        "value": false
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS4035 DOS4210 »
Rule Details
  • Rule ID: DOS4040
  • Code: GH_Organization_Policies_Restrict_GitHub_Pages_Creation
  • Platform: GitHub
  • Category: organization
  • Severity: high
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions