turbot/github_compliance

Control: 1.2.4 Ensure inactive repositories are reviewed and archived periodically

Description

Ensure inactive repositories are reviewed and archived periodically.

Rationale

Inactive repositories (i.e., no new changes introduced for a long period of time) can enlarge the surface of a potential attack or data leak. These repositories are more likely to be improperly managed, and thus could possibly be accessed by many users in an organization.

Note: Bug fixes and deployment of necessary changes could prove complicated for archived repositories.

Audit

Verify that all repositories in the organization are active, and that any that are not have been reviewed or archived.

Remediation

Review all inactive repositories and archive them periodically.

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.cis_supply_chain_v100_1_2_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_2_7 --share

SQL

This control uses a named query:

repo_inactive_more_than_90_days
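
The audit described above can be sketched offline as follows. This is an added example, not the mod's named query or any code from the project: the 90-day threshold is assumed from the query name, the records are constructed samples using field names from GitHub REST API repository objects, and treating a repository with no recorded push as needing review is an assumption of the example.

```python
from datetime import datetime, timezone

INACTIVE_DAYS = 90  # assumption: threshold inferred from the query name on this page

# Constructed sample records (hypothetical repositories, not real data).
SAMPLE_REPOS = [
    {"full_name": "example-org/payments-api", "archived": False, "pushed_at": "2024-05-20T09:12:00Z"},
    {"full_name": "example-org/old-prototype", "archived": False, "pushed_at": "2023-01-15T17:40:00Z"},
    {"full_name": "example-org/legacy-sdk", "archived": True, "pushed_at": "2022-08-02T11:05:00Z"},
    {"full_name": "example-org/empty-placeholder", "archived": False, "pushed_at": None},
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_repo(repo, now, threshold_days=INACTIVE_DAYS):
    """Return (status, reason) for one repository record."""
    if repo["archived"]:
        # Archived repositories are read-only, so inactivity is expected.
        return "ok", "archived"
    if not repo.get("pushed_at"):
        # Assumption: no recorded push means activity cannot be shown, so flag it.
        return "alarm", "no push recorded; needs review"
    idle = (now - parse_ts(repo["pushed_at"])).days
    if idle > threshold_days:
        return "alarm", f"last push {idle} days ago; review or archive"
    return "ok", f"last push {idle} days ago"

def audit(repos, now):
    """Audit every repository and list alarms first, then by name."""
    rows = [(r["full_name"], *audit_repo(r, now)) for r in repos]
    return sorted(rows, key=lambda row: (row[1] != "alarm", row[0]))

if __name__ == "__main__":
    # Constructed fixed "today" so the output is reproducible.
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for name, status, reason in audit(SAMPLE_REPOS, fixed_now):
        print(f"{status:5} {name}: {reason}")
```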
