diff --git a/docs/github/repository/forking_allowed_for_repository.md b/docs/github/repository/forking_allowed_for_repository.md index c46200cf..2b2e2a53 100644 --- a/docs/github/repository/forking_allowed_for_repository.md +++ b/docs/github/repository/forking_allowed_for_repository.md @@ -1,18 +1,18 @@ --- layout: default -title: Forking Should Not Be Allowed for This Repository +title: Forking Should Not Be Allowed for Private/Internal Repositories parent: Repository Policies grand_parent: GitHub Policies --- -## Forking Should Not Be Allowed for This Repository +## Forking Should Not Be Allowed for Private/Internal Repositories policy name: forking_allowed_for_repository severity: LOW ### Description -Forking a repository can lead to loss of control and potential exposure of the source code. If you do not need forking, it is recommended to turn it off in the repository configuration. If needed, forking should be turned on by admins deliberately when opting to create a fork. +Forking private or internal repositories can lead to unauthorized spread and potential exposure of sensitive source code. It is recommended to disable forking for private repositories in the repository or the organization configuration to maintain control over the source code. If forking is necessary, it should be enabled selectively by admins for specific collaboration needs on private repositories. ### Threat Example(s) Forked repositories cause more code and secret sprawl in the organization as forks are independent copies of the repository and need to be tracked separately, making it more difficult to keep track of sensitive assets and contain potential incidents. diff --git a/docs/github/repository/secret_scanning_not_enabled.md b/docs/github/repository/secret_scanning_not_enabled.md new file mode 100644 index 00000000..892fffc8 --- /dev/null +++ b/docs/github/repository/secret_scanning_not_enabled.md @@ -0,0 +1,28 @@ +--- +layout: default +title: Secret Scanning should be enabled +parent: Repository Policies +grand_parent: GitHub Policies +--- + + +## Secret Scanning should be enabled +policy name: secret_scanning_not_enabled + +severity: MEDIUM + +### Description +Repository should have secret scanning enabled. Secret scanning helps prevent the exposure of sensitive information and ensures compliance. + +### Threat Example(s) +Exposed secrets increases the risk of sensitive information such as API keys, passwords, and tokens being disclosed, leading to unauthorized access to systems and services, and data breaches. + + + +### Remediation +1. Go to the repository settings page +2. Under the 'Security' title on the left, select 'Code security and analysis' +3. Under 'Secret scanning', click 'Enable' + + + diff --git a/docs/gitlab/project/forking_allowed_for_repository.md b/docs/gitlab/project/forking_allowed_for_repository.md index 09938c54..5a306759 100644 --- a/docs/gitlab/project/forking_allowed_for_repository.md +++ b/docs/gitlab/project/forking_allowed_for_repository.md @@ -1,18 +1,18 @@ --- layout: default -title: Forking Should Not Be Allowed +title: Forking Should Not Be Allowed for Private/Internal Projects parent: Project Policies grand_parent: GitLab Policies --- -## Forking Should Not Be Allowed +## Forking Should Not Be Allowed for Private/Internal Projects policy name: forking_allowed_for_repository severity: LOW ### Description -Forking a repository can lead to loss of control and potential exposure of source code. If you do not need forking, it is recommended to turn it off in the project's configuration. The option to fork should be enabled only by owners deliberately when opting to create a fork. +Forking a project (repository) can lead to loss of control and potential exposure of source code. If you do not need forking, it is recommended to turn it off in the project or group configuration. The option to fork should be enabled only by owners deliberately when opting to create a fork. ### Threat Example(s) Forked repositories may leak important code assets or sensitive secrets embedded in the code to anyone outside your organization, as the code becomes publicly accessible.