turbot/github_compliance
GitHub
Loading controls...

Control: 4.3.4 Ensure webhooks of the package registry are secured

Description

Use secured webhooks of the package registry.

Rationale

Webhooks are used for triggering an HTTP request based on an action made in the platform. Typically, package registries feature webhooks when a package receives an update. Since webhooks are an HTTP POST request, they can be malformed if not secured over SSL. To prevent a potential hack and compromise of the webhook or to the registry or web server accepting the request, use only secured webhooks.

Audit

For each webhook in use, ensure it is secured (HTTPS).

Remediation

For each webhook in use, change it to secured (over HTTPS).

Usage

Run the control in your terminal:

steampipe check github_compliance.control.cis_supply_chain_v100_4_3_4

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share github_compliance.control.cis_supply_chain_v100_4_3_4

SQL

This control uses a named query:

repo_webhook_package_registery_security_settings_enabled

Tags