Repository forking should be disabled.

Organizations should never allow private or internal repositories to be forked. You can help prevent sensitive information from being exposed by disabling the ability to fork repositories in your organization. By default, new organizations are configured to disallow the forking of private and internal repositories.

Learn more:
https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization#prevent-data-leaks
https://docs.github.com/en/enterprise-cloud@latest/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-the-forking-policy-for-your-repository
1. Go to Repository Settings.
2. In the 'General' section of the sidebar, go to the 'Features' section.
3. Under the 'Features' section.
4. Ensure the 'Allow forking' setting is disabled.
{
  "target": "GHRepository",
  "if": {
    "allOf": [
      {
        "resource": "GHRepository",
        "property": "Private",
        "operator": "equals",
        "value": true
      },
      {
        "resource": "GHRepository",
        "property": "AllowForking",
        "operator": "equals",
        "value": false
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
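The check this policy describes, as an added Python example that is not part of DevOps Shield's own tooling: it audits repository objects shaped like GitHub REST API output (the repository fields `private`, `visibility` and `allow_forking`, and the organization field `members_can_fork_private_repositories`). The sample data is constructed, and mapping the policy's `Private` and `AllowForking` properties onto these API fields is an assumption.

```python
import json

# Constructed sample, shaped like items returned by GET /orgs/{org}/repos.
SAMPLE_REPOS = json.loads("""
[
  {"full_name": "example-org/payments", "private": true,  "visibility": "private",  "allow_forking": true},
  {"full_name": "example-org/intranet", "private": true,  "visibility": "internal", "allow_forking": false},
  {"full_name": "example-org/website",  "private": false, "visibility": "public",   "allow_forking": true},
  {"full_name": "example-org/legacy",   "private": true,  "visibility": "private"}
]
""")

# Constructed sample, shaped like the response of GET /orgs/{org}.
SAMPLE_ORG = {"login": "example-org", "members_can_fork_private_repositories": True}


def is_restricted(repo):
    """True for private and internal repositories, the ones the policy covers."""
    return bool(repo.get("private")) or repo.get("visibility") in ("private", "internal")


def audit_forking(repos, org=None):
    """Return (name, status, detail) findings for the org default and each restricted repo."""
    findings = []
    if org is not None and org.get("members_can_fork_private_repositories"):
        findings.append((org["login"], "NON_COMPLIANT",
                         "organization lets members fork private repositories"))
    for repo in repos:
        if not is_restricted(repo):
            continue  # public repositories are out of scope for this policy
        allow = repo.get("allow_forking")
        if allow is None:
            # A missing field must not be read as "forking disabled".
            findings.append((repo["full_name"], "UNKNOWN", "allow_forking not in response"))
        elif allow:
            findings.append((repo["full_name"], "NON_COMPLIANT", "forking is allowed"))
        else:
            findings.append((repo["full_name"], "COMPLIANT", "forking is disabled"))
    return findings


if __name__ == "__main__":
    for name, status, detail in audit_forking(SAMPLE_REPOS, SAMPLE_ORG):
        print(f"{status:14} {name}: {detail}")
```

Repositories reported as UNKNOWN need a manual check of the 'Allow forking' setting before they are counted as compliant.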