turbot/github_compliance

Control: 4.3.4 Ensure webhooks of the package registry are secured

Description

Use secured webhooks of the package registry.

Rationale

Webhooks trigger an HTTP request in response to an action taken on the platform. Package registries typically fire a webhook when a package receives an update. Because a webhook is delivered as an HTTP POST request, its contents can be tampered with in transit if it is not secured over SSL. To prevent compromise of the webhook, or of the registry or web server accepting the request, use only secured webhooks.

Audit

For each webhook in use, ensure it is secured (HTTPS).
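One way to run this audit outside Powerpipe, as an added example that is not the control's own query or code from the github_compliance mod: it checks webhook objects shaped like GitHub's REST "list repository webhooks" response. It goes slightly beyond the text by also flagging `insecure_ssl`, since an HTTPS webhook with certificate verification turned off is not secured; the sample hooks, ids and hostnames are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, shaped like the response of
# GET /repos/{owner}/{repo}/hooks (ids and hostnames are made up).
SAMPLE_HOOKS = json.loads("""
[
  {"id": 1, "active": true,
   "config": {"url": "https://ci.example.com/hooks/packages", "insecure_ssl": "0"}},
  {"id": 2, "active": true,
   "config": {"url": "http://registry.example.com/notify", "insecure_ssl": "0"}},
  {"id": 3, "active": true,
   "config": {"url": "HTTPS://mirror.example.com/publish", "insecure_ssl": "1"}}
]
""")


def audit_hook(hook):
    """Return the findings for one webhook; an empty list means it passes."""
    config = hook.get("config") or {}
    url = (config.get("url") or "").strip()
    if not url:
        return ["no delivery URL configured"]
    findings = []
    # urlsplit lowercases the scheme, so "HTTPS://" is accepted as https.
    scheme = urlsplit(url).scheme or "none"
    if scheme != "https":
        findings.append(f"delivery URL scheme is {scheme}, not https")
    # GitHub reports insecure_ssl as "0" or "1" (string or number); "1" turns
    # certificate verification off, so the HTTPS endpoint is not authenticated.
    if str(config.get("insecure_ssl", "0")) == "1":
        findings.append("TLS certificate verification is disabled (insecure_ssl=1)")
    return findings


def audit_hooks(hooks):
    """Map webhook id -> findings for every webhook that fails the check."""
    report = {}
    for hook in hooks:
        findings = audit_hook(hook)
        if findings:
            report[hook.get("id")] = findings
    return report


if __name__ == "__main__":
    for hook_id, findings in audit_hooks(SAMPLE_HOOKS).items():
        print(f"webhook {hook_id}: FAIL - " + "; ".join(findings))
```
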

Remediation

For each webhook in use, change it to a secured webhook (over HTTPS).

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.cis_supply_chain_v100_4_3_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_4_3_4 --share

SQL

This control uses a named query:

repo_webhook_package_registery_security_settings_enabled

Tags