Benchmark: 1.3 Contribution Access
Overview
This section consists of security recommendations for managing access to the application code. This includes managing both internal and external access, administrator accounts, permissions, identification methods, etc. Securing these items is important for software safety, because every security constraint on access is an obstacle in the way of attacks.
This section differentiates between common user account and admin account. It is important to understand that due to the high permissions of the admin account, it should be used only for administrative work and not for everyday tasks.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-github-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 1.3 Contribution Access.
Run this benchmark in your terminal:
powerpipe benchmark run github_compliance.benchmark.cis_supply_chain_v100_1_3Snapshot and share results via Turbot Pipes:
powerpipe benchmark run github_compliance.benchmark.cis_supply_chain_v100_1_3 --shareControls
- 1.3.1 Ensure inactive users are reviewed and removed periodically
- 1.3.3 Ensure minimum number of administrators are set for the organization
- 1.3.5 Ensure the organization is requiring members to use Multi-Factor Authentication (MFA)
- 1.3.7 Ensure two administrators are set for each repository
- 1.3.8 Ensure strict base permissions are set for repositories
- 1.3.9 Ensure an organization's identity is confirmed with a 'Verified' badge