v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/github_compliance
Overview
2Dashboards
37Controls
33Queries
2Variables
GitHub

Control: 1.2.2 Ensure repository creation is limited to specific members

Description

Limit the ability to create repositories to trusted users and teams.

Rationale

Restricting repository creation to trusted users and teams is recommended in order to keep the organization properly structured, track fewer items, prevent impersonation, and to not overload the version control system. It will allow administrators easier source code tracking and management capabilities, as they will have fewer repositories to track. The process of detecting potential attacks becomes far more straightforward, as well, since the easier it is to track the source code, the easier it is to detect malicious acts within it. Additionally, the possibility of a member creating a public repository and sharing the organization’s data externally is significantly decreased.

Note: Specific users will not be permitted to create repositories.

Audit

Verify that only trusted users and teams can create repositories.

Remediation

Restrict repository creation to trusted users and teams only.

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.cis_supply_chain_v100_1_2_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_2_2 --share

SQL

This control uses a named query:

org_members_cannot_create_repos

Tags

category = Compliance
cis = true
cis_section_id = 1.2
cis_supply_chain_v100 = true
cis_type = automated
cis_version = v1.0.0
plugin = github
service = GitHub