Organization members should be of type 'User'. Bot accounts that appear as full members (rather than as integrations or apps) typically indicate misconfigured automation: bots should be installed as GitHub Apps with scoped permissions, not added as full organization members with the broad permission surface that membership grants.
1. Go to Organization -> People.
2. Identify any 'Bot' type members.
3. Convert each bot to a GitHub App with the minimum required scopes, then remove the bot from membership.
{
  "target": "GHOrganizationMember",
  "if": {
    "allOf": [
      {
        "resource": "GHOrganizationMember",
        "property": "Type",
        "operator": "equals",
        "value": "User"
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
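The same check can be run by hand against the GitHub REST API. The script below is an added example, not DevOps Shield's own code: it pages through GET /orgs/{org}/members and groups every member whose type is not 'User'. It assumes the API's "type" field corresponds to the policy's Type property; the function names and the sample records are constructed for illustration.

```python
import json
import urllib.request

API = "https://api.github.com"


def fetch_org_members(org, token):
    """Page through GET /orgs/{org}/members; the token must be able to read org members."""
    members, page = [], 1
    while True:
        req = urllib.request.Request(
            f"{API}/orgs/{org}/members?per_page=100&page={page}",
            headers={
                "Authorization": f"Bearer {token}",
                "Accept": "application/vnd.github+json",
            },
        )
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp)
        if not batch:  # an empty page means every member has been read
            return members
        members.extend(batch)
        page += 1


def audit_member_types(members):
    """Group logins by member type for every member that is not of type 'User'.

    A record with no type is reported as 'Unknown' rather than silently passed.
    """
    findings = {}
    for member in members:
        member_type = member.get("type") or "Unknown"
        if member_type != "User":
            findings.setdefault(member_type, []).append(member.get("login", "<no login>"))
    return findings


# Constructed sample records shaped like the members endpoint's response.
SAMPLE_MEMBERS = [
    {"login": "alice", "type": "User"},
    {"login": "ci-deployer", "type": "Bot"},
    {"login": "bob", "type": "User"},
    {"login": "legacy-sync"},  # type missing: surfaced for manual review
]

if __name__ == "__main__":
    for member_type, logins in audit_member_types(SAMPLE_MEMBERS).items():
        print(f"{member_type}: {', '.join(logins)}")
```

For a live run, pass the result of fetch_org_members(org, token) to audit_member_types instead of the sample list.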