Control: No outside collaborators should have access in each private repository

Description

Outside collaborators should not have access to private repository content.

Usage

Run the control in your terminal:

powerpipe control run github_sherlock.control.private_repo_no_outside_collaborators

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_sherlock.control.private_repo_no_outside_collaborators --share

Steampipe Tables

github_my_repository

github_repository_collaborator

SQL

select
  r.url as resource,
  case
    when count(c.user_login) = 0 then 'ok'
    else 'alarm'
  end as status,
  r.name_with_owner || ' has ' || count(c.user_login)::text || ' outside collaborator(s).' as reason,
  r.name_with_owner
from
  github_my_repository r
left outer join
  github_repository_collaborator c
on 
  r.name_with_owner = c.repository_full_name
and 
  c.affiliation = 'OUTSIDE'
where
  r.visibility = 'PRIVATE' 
and
  r.is_fork = false
group by name_with_owner, url