Enterprise Should Not Allow Members To Change Repository Visibility
policy name: enterprise_not_using_visibility_change_disable_policy
severity: MEDIUM
Description
The enterprise’s Repository visibility change policy should be set to DISABLED. This will prevents users from creating private repositories and change them to be public. Malicous actors could leak code if enabled.
Threat Example(s)
A member of the organization could inadvertently or maliciously make public an internal repository exposing confidential data.
Remediation
- Make sure you are an enterprise owner
- Go to the policies page
- Under the “Repository visibility change” section
- choose the “Disabled” option