Forking Should Not Be Allowed
policy name: forking_allowed_for_repository
severity: LOW
Description
Forking a repository can lead to loss of control and potential exposure of source code. If you do not need forking, it is recommended to turn it off in the project’s configuration. The option to fork should be enabled only by owners deliberately when opting to create a fork.
Threat Example(s)
Forked repositories may leak important code assets or sensitive secrets embedded in the code to anyone outside your organization, as the code becomes publicly accessible.
Remediation
- Make sure you have owner permissions
- Go to the project’s settings page
- Enter the “General” tab
- Under “Visibility, project features, permissions”
- Toggle off “Forks”
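The remediation above is a UI procedure; the same policy can be checked automatically across many projects. The following Python script is an added example and is not part of the policy page. It assumes the projects live on GitLab (the settings path quoted above matches GitLab’s project settings) and that each project record has the shape returned by GitLab’s Projects API, where the “Forks” feature is exposed as the `forking_access_level` attribute with the values `disabled`, `private` or `enabled`. The project records are constructed sample data; only `disabled` satisfies the policy.

```python
"""Audit projects for the 'forking_allowed_for_repository' policy (added example)."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumption: project records follow GitLab's Projects API, where the "Forks"
# project feature is reported as forking_access_level. Only "disabled" means
# forking is turned off; "private" still lets project members fork.
COMPLIANT_LEVEL = "disabled"
POLICY_NAME = "forking_allowed_for_repository"
SEVERITY = "LOW"


@dataclass(frozen=True)
class Finding:
    project: str
    policy: str
    severity: str
    detail: str


def check_forking(project: dict) -> Optional[Finding]:
    """Return a Finding if forking is not disabled for this project, else None."""
    # A missing attribute is treated as the worst case (forking enabled) so that
    # an incomplete record never silently passes the check.
    level = project.get("forking_access_level", "enabled")
    if level == COMPLIANT_LEVEL:
        return None
    return Finding(
        project=project["path_with_namespace"],
        policy=POLICY_NAME,
        severity=SEVERITY,
        detail=f"forking_access_level is '{level}', expected '{COMPLIANT_LEVEL}'",
    )


def audit(projects: Iterable[dict]) -> List[Finding]:
    """Run the policy over every project record and collect the findings."""
    findings = []
    for project in projects:
        finding = check_forking(project)
        if finding is not None:
            findings.append(finding)
    return findings


def remediation_payload() -> dict:
    """Attribute change that corresponds to the 'Toggle off Forks' step.

    Assumption: an owner applies it with PUT /projects/:id on the GitLab API
    (the request itself is deliberately not issued here)."""
    return {"forking_access_level": COMPLIANT_LEVEL}


# Constructed sample records, not real projects.
SAMPLE_PROJECTS = [
    {"path_with_namespace": "acme/payments-api", "forking_access_level": "enabled"},
    {"path_with_namespace": "acme/internal-tooling", "forking_access_level": "private"},
    {"path_with_namespace": "acme/public-docs", "forking_access_level": "disabled"},
    {"path_with_namespace": "acme/legacy-importer"},  # attribute missing
]


if __name__ == "__main__":
    for f in audit(SAMPLE_PROJECTS):
        print(f"[{f.severity}] {f.project}: {f.policy} - {f.detail}")
    print("remediation:", remediation_payload())
```

Running the script lists the three non-compliant sample projects (including the one whose record lacks the attribute) and prints the attribute change an owner would apply; the compliant project produces no finding.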