From ad721b0a7d1ce3de8d0c3276d2abb8abd107d181 Mon Sep 17 00:00:00 2001 From: build docs workflow Date: Mon, 1 Jan 2024 09:18:44 +0000 Subject: [PATCH] update docs --- .../enable_push_protection_secret_scanning.md | 4 +-- .../users_allowed_to_bypass_ruleset.md | 30 +++++++++++++++++++ docs/index.md | 5 +--- 3 files changed, 33 insertions(+), 6 deletions(-) create mode 100644 docs/github/repository/users_allowed_to_bypass_ruleset.md diff --git a/docs/github/enterprise/enable_push_protection_secret_scanning.md b/docs/github/enterprise/enable_push_protection_secret_scanning.md index 49812ac3..fc69eb8e 100644 --- a/docs/github/enterprise/enable_push_protection_secret_scanning.md +++ b/docs/github/enterprise/enable_push_protection_secret_scanning.md @@ -1,12 +1,12 @@ --- layout: default -title: Enterprise Should Automatically Enable Secret Scanning Across All Organizations/Repositories +title: Enterprise Should Automatically Enable Secret Scanning Push Protection Across All Organizations/Repositories parent: Enterprise Policies grand_parent: GitHub Policies --- -## Enterprise Should Automatically Enable Secret Scanning Across All Organizations/Repositories +## Enterprise Should Automatically Enable Secret Scanning Push Protection Across All Organizations/Repositories policy name: enable_push_protection_secret_scanning severity: MEDIUM diff --git a/docs/github/repository/users_allowed_to_bypass_ruleset.md b/docs/github/repository/users_allowed_to_bypass_ruleset.md new file mode 100644 index 00000000..dffa7e1a --- /dev/null +++ b/docs/github/repository/users_allowed_to_bypass_ruleset.md @@ -0,0 +1,30 @@ +--- +layout: default +title: Users Are Allowed To Bypass Ruleset Rules +parent: Repository Policies +grand_parent: GitHub Policies +--- + + +## Users Are Allowed To Bypass Ruleset Rules +policy name: users_allowed_to_bypass_ruleset + +severity: MEDIUM + +### Description +Rulesets rules are not enforced for some users. When defining rulesets it is recommended to make sure that no one is allowed to bypass these rules in order to avoid inadvertent or intentional alterations to critical code which can lead to potential errors or vulnerabilities in the software. + +### Threat Example(s) +Attackers that gain access to a user that can bypass the ruleset rules can compromise the codebase without anyone noticing, introducing malicious code that would go straight ahead to production. + + + +### Remediation +1. Go to the repository settings page +2. Under "Code and automation", select "Rules -> Rulesets" +3. Find the relevant ruleset +4. Empty the "Bypass list" +5. Press "Save Changes" + + + diff --git a/docs/index.md b/docs/index.md index 061d2bce..eb61f725 100644 --- a/docs/index.md +++ b/docs/index.md @@ -21,7 +21,4 @@ Supporting: And More to come... --- -> ℹ️ **NOTE:** This webpage describes only the policies which Legitify supports. To learn more about how to use the cli tool, or contribute the source code, visit [Legitify's GitHub page](https://github.com/Legit-Labs/legitify). -> - - +> ℹ️ **NOTE:** This webpage describes only the policies which Legitify supports. To learn more about how to use the cli tool, or contribute the source code, visit [Legitify's GitHub page](https://github.com/Legit-Labs/legitify). \ No newline at end of file