Detection: Repository Visibility Set Public
Overview
Detect when a private repository's visibility was set to public. Changing a repository to public may expose proprietary or sensitive code, increasing the risk of data leaks, unauthorized access, and potential exploitation. Monitoring these events ensures that repository visibility changes are intentional and comply with security policies.
References:
Usage
Run the detection in your terminal:
powerpipe detection run github_audit_log_detections.detection.repository_visibility_set_publicSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe detection run github_audit_log_detections.detection.repository_visibility_set_public --shareSQL
This detection uses a named query:
select tp_timestamp as timestamp,action as operation,concat('https://github.com/', repo) as resource,actor,tp_source_ip as source_ip,tp_index as organization,split_part(repo, '/', 2) as repository,tp_id as source_id,*exclude (actor, timestamp)
from github_audit_logwhere action = 'repo.access' and (additional_fields ->> 'visibility') = 'public' and (additional_fields ->> 'previous_visibility') = 'private'order by tp_timestamp desc;