Two Factor Authentication
Ensures multi-factor authentication is enabled for the default user account. GitHub MFA provides additional account security by requiring an additional login device or code. All accounts should have MFA enabled.
Checks that the primary email address associated with a GitHub account is set to private visibility. Email addresses added to GitHub should be set to private visibility to increase privacy and prevent account reconnaissance.
Having too many owners of a Git organization increases the risk of a serious compromise from lost credentials.
The default permission given to new organization users should be set to none. Read permissions risk exposing private repositories, while write or admin permissions grant new users sensitive access to repositories.
MFA should be enabled and enforced for all users of an organization.
Running out of licenses will prevent developers from adding new users.
MFA should be enabled and enforced for all members of an organization.
MFA should be enabled and enforced for all outside collaborators of an organization.
Allowing multiple users admin or push access to organization repositories places the organization at risk for contributions that can be pushed without review.
Allowing outside collaborators admin or push access to organization repositories places the organization at risk from non-member contributions that can be pushed without review.
Deploy keys can have significant access to a repository and should be rotated on a regular basis.
GitHub GPG keys are used to cryptographically sign code commits and should be rotated every 180 days.