Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-github-compliance
Overview
2Dashboards
37Benchmarks
33Queries
2Variables
GitHub

Control: Organization base permissions should be set to None

Description

Organization base permissions should be set to None to force explicit access grants to users to repositories.

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.organization_base_permissions_none

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.organization_base_permissions_none --share

SQL

This control uses a named query:

select
  -- Required Columns
  url as resource,
  case
    when default_repo_permission is null then 'info'
    when default_repo_permission = 'none' then 'ok'
    else 'alarm'
  end as status,
  login || case
    when default_repo_permission is null then ' base permission unknown, manual verification required.'
    else ' base permission is ' || default_repo_permission || '.'
  end as reason,
  -- Additional Dimensions
  login
from
  github_my_organization;

Tags

category = Compliance
other_checks = true
plugin = github
service = GitHub