Mods

turbot/github_sherlock

GitHub
Overview
4Dashboards
34Controls
0Queries
0Variables
GitHub
Loading controls...
On This Page
Description
Usage
Plugins & Tables
SQL
Tags
Get Involved
Edit on GitHub
Discuss on Slack

Control: Organization default repository permissions should be limited

Description

Members of your organization should not have write or admin permissions by default in all repositories.

Usage

Run the control in your terminal:

steampipe check github_sherlock.control.org_default_repo_permissions_limited

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share github_sherlock.control.org_default_repo_permissions_limited

Plugins & Tables

github_my_organization
GitHub plugin

SQL

select
  url as resource,
  case
    when default_repo_permission is null then 'skip'
    when default_repo_permission in ('write', 'admin') then 'alarm'
    else 'ok'
  end as status,
  case
    when default_repo_permission is null then 'User do not have required permission to query ' || login || '.'
    else login || ' default repository permissions are ' || default_repo_permission || '.'
  end as reason,
  login
from
  github_my_organization

Tags

category = Compliance
plugin = github
service = GitHub/Organization