turbot/steampipe-mod-github-compliance

Control: 1.2.4 Ensure inactive repositories are reviewed and archived periodically

Description

Ensure inactive repositories are reviewed and archived periodically.

Rationale

Inactive repositories (i.e., no new changes introduced for a long period of time) can enlarge the surface of a potential attack or data leak. These repositories are more likely to be improperly managed, and thus could possibly be accessed by many users in an organization.

Note: Bug fixes and deployment of necessary changes could prove complicated for archived repositories.

Audit

Verify that all the repositories in the organization are active, and those that are not are reviewed or archived.

Remediation

Review all inactive repositories and archive them periodically.

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.cis_supply_chain_v100_1_2_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_2_7 --share

SQL

This control uses a named query:

select
  -- Required Columns
  url as resource,
  case
    when EXTRACT(DAY FROM CURRENT_TIMESTAMP - updated_at) <= 90 then 'ok'
    else 'alarm'
  end as status,
  case
    when EXTRACT(DAY FROM CURRENT_TIMESTAMP - updated_at) <= 90 then name_with_owner || ' is active.'
    else name_with_owner || ' is inactive since ' || EXTRACT(DAY FROM CURRENT_TIMESTAMP - updated_at) || ' days.'
  end as reason,
  -- Additional Dimensions
  name_with_owner
from
  github_my_repository
where
  not is_fork
order by
  name_with_owner;
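
A follow-up query for the review step, added here as an example and not part of the mod: the control's query does not filter on archive state, so this lists only the flagged repositories that still need a decision, longest-idle first. It assumes the `github_my_repository` table exposes `is_archived` and `pushed_at` columns; the 90-day threshold is the one the control uses.

```sql
-- Added example, not one of the mod's named queries.
-- Assumption: github_my_repository exposes is_archived and pushed_at.
with repo_age as (
  select
    name_with_owner,
    url,
    is_archived,
    -- Same age calculation as the control (whole days since updated_at).
    extract(day from current_timestamp - updated_at) as days_since_update,
    -- Days since the last push; null when the repository has no pushes.
    extract(day from current_timestamp - pushed_at) as days_since_push
  from
    github_my_repository
  where
    not is_fork
)
select
  name_with_owner,
  url,
  days_since_update,
  days_since_push
from
  repo_age
where
  days_since_update > 90   -- same threshold as the control
  and not is_archived      -- already-archived repositories need no further action
order by
  days_since_update desc;
```

Comparing the two age columns shows repositories whose metadata changed recently but which have had no pushes for much longer.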
