Benchmark: 1.3 Contribution Access
This section consists of security recommendations for managing access to the application code. This includes managing both internal and external access, administrator accounts, permissions, identification methods, etc. Securing these items is important for software safety, because every security constraint on access is an obstacle in the way of attacks.
This section differentiates between common user account and admin account. It is important to understand that due to the high permissions of the admin account, it should be used only for administrative work and not for everyday tasks.
Browse dashboards and select 1.3 Contribution Access:
Or run the benchmarks in your terminal:
steampipe check github_compliance.benchmark.cis_supply_chain_v100_1_3
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share github_compliance.benchmark.cis_supply_chain_v100_1_3
- 1.3.1 Ensure inactive users are reviewed and removed periodically
- 1.3.3 Ensure minimum number of administrators are set for the organization
- 1.3.5 Ensure the organization is requiring members to use Multi-Factor Authentication (MFA)
- 1.3.7 Ensure two administrators are set for each repository
- 1.3.8 Ensure strict base permissions are set for repositories
- 1.3.9 Ensure an organization's identity is confirmed with a 'Verified' badge