DOS5050

Repository visibility should be private

DOS5050

GitHub repository critical builtIn

Description

Repository visibility should always be private or internal. Secure your code by converting public repositories to private whenever appropriate. Learn more: https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization#prevent-data-leaks https://docs.github.com/en/enterprise-cloud@latest/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility

Recommendation

1. Go to Repository Settings. 
2. In the 'General' section of the sidebar, go to 'Danger Zone' section. 
3. Under the 'Change repository visibility' section. 
4. Ensure the message 'This repository is currently private/internal.' is displayed.

Policy Rule

{
  "target": "GHRepository",
  "if": {
    "allOf": [
      {
        "resource": "GHRepository",
        "property": "Private",
        "operator": "equals",
        "value": true
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS5040 DOS5060 »
Rule Details
  • Rule ID: DOS5050
  • Code: GH_Repository_Visibility_Private
  • Platform: GitHub
  • Category: repository
  • Severity: critical
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions