Control: 1.3.7 Ensure two administrators are set for each repository
Description
Ensure every repository has two users with administrative permissions.
Rationale
Repository administrators hold the highest level of permissions on a repository. These include the ability to add or remove collaborators, change branch protection policy, and convert the repository to a publicly accessible one. Because of the liberal access granted to a repository administrator, it is highly recommended that only two contributors occupy this role.
Note: Removing administrative users from a repository would result in them losing high-level access to that repository.
Audit
For every repository in use, verify there are two administrators.
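The audit step as an added example (not the control's own query and not code from the benchmark): it counts administrators per repository from collaborator listings and flags any repository that does not have exactly two. The sample data, the `example-org` names, the function names and the `ok`/`alarm` labels are assumptions made for illustration; the input shape follows GitHub's REST collaborator listing (`login`, `permissions.admin`).

```python
import json

# Constructed sample data (not from the page): per-repository collaborator
# lists shaped like GitHub's REST "list repository collaborators" response.
SAMPLE_JSON = """
{
  "example-org/api": [
    {"login": "alice", "permissions": {"admin": true, "push": true}},
    {"login": "bob", "permissions": {"admin": true, "push": true}},
    {"login": "carol", "permissions": {"admin": false, "push": true}}
  ],
  "example-org/infra": [
    {"login": "alice", "permissions": {"admin": true, "push": true}}
  ],
  "example-org/docs": [
    {"login": "alice", "permissions": {"admin": true, "push": true}},
    {"login": "bob", "permissions": {"admin": true, "push": true}},
    {"login": "dave", "permissions": {"admin": true, "push": true}},
    {"login": "erin", "permissions": {"push": true}}
  ]
}
"""

REQUIRED_ADMINS = 2  # the control asks for two administrators per repository


def admin_logins(collaborators):
    """Return the sorted logins whose permissions grant admin."""
    return sorted(
        c["login"] for c in collaborators
        if (c.get("permissions") or {}).get("admin") is True
    )


def audit(repos):
    """Evaluate every repository; status is 'ok' or 'alarm' (hypothetical labels)."""
    results = []
    for name in sorted(repos):
        admins = admin_logins(repos[name])
        status = "ok" if len(admins) == REQUIRED_ADMINS else "alarm"
        results.append({"repository": name, "status": status, "admins": admins})
    return results


if __name__ == "__main__":
    for row in audit(json.loads(SAMPLE_JSON)):
        print(f'{row["status"]:5} {row["repository"]}: '
              f'{len(row["admins"])} admin(s) {row["admins"]}')
```

Whether inherited administrators (for example, organization owners) are counted depends on the collaborator listing you feed in, so decide that before comparing results across repositories.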
Remediation
For every repository in use, set two administrators.
Usage
Run the control in your terminal:
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_3_7
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_3_7 --share
SQL
This control uses a named query:
repo_should_have_two_admins