Control: 1.3.7 Ensure two administrators are set for each repository
Description
Ensure every repository has two users with administrative permissions.
Rationale
Repository administrators have the highest permissions to said repository. These include the ability to add/remove collaborators, change branch protection policy, and convert to a publicly accessible repository. Due to the liberal access granted to a repository administrator, it is highly recommended that only two contributors occupy this role.
Note: Removing administrative users from a repository would result in them losing high-level access to that repository.
Audit
For every repository in use, verify there are two administrators.
Remediation
For every repository in use, set two administrators.
Usage
Run the control in your terminal:
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_3_7Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run github_compliance.control.cis_supply_chain_v100_1_3_7 --shareSQL
This control uses a named query:
repo_should_have_two_admins