turbot/steampipe-mod-github-compliance

Control: 1.3.9 Ensure an organization's identity is confirmed with a 'Verified' badge

Description

Confirm the domains an organization owns with a "Verified" badge.

Rationale

Verifying the organization’s domains gives developers assurance that a given domain is truly the official home for a public organization. Attackers can pretend to be an organization and steal information via a faked/spoofed domain; therefore, the use of a "Verified" badge instills more confidence and trust between developers and the open-source community.

Audit

Ensure the organization has a "Verified" badge next to its name.

Remediation

Verify the organization's domains and secure a "Verified" badge next to its name.

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.cis_supply_chain_v100_1_3_9

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_3_9 --share

SQL

This control uses a named query:

select
  -- Required Columns
  url as resource,
  case
    when is_verified then 'ok'
    else 'alarm'
  end as status,
  coalesce(name, login) || ' domain is ' || case when (is_verified)::bool then 'verified' else 'not verified' end || '.' as reason,
  -- Additional Dimensions
  login
from
  github_my_organization;

Tags