Benchmark: 1.2 Repository Management
Overview
This section consists of security recommendations for proper code repository management. Code repositories are where application code is stored and organized. It is important to keep code repositories organized and maintained to avoid data loss, data theft, and other attacks that may go unnoticed when a repository is not maintained well. The recommendations in this section are configuration guides for doing so.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-github-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 1.2 Repository Management.
Run this benchmark in your terminal:
powerpipe benchmark run github_compliance.benchmark.cis_supply_chain_v100_1_2
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run github_compliance.benchmark.cis_supply_chain_v100_1_2 --share
Controls
- 1.2.1 Ensure all public repositories contain a SECURITY.md file
- 1.2.2 Ensure repository creation is limited to specific members
- 1.2.3 Ensure repository deletion is limited to specific users
- 1.2.4 Ensure issue deletion is limited to specific users
- 1.2.4 Ensure inactive repositories are reviewed and archived periodically