GitHub Repository Set To Public
- Query id: 15d8a7fd-465a-4d15-a868-add86552f17b
- Query name: GitHub Repository Set To Public
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description¶
Repositories must be set to private, which means the attribute 'visibility' must be set to 'private' and/or the attribute 'private' must be set to true (the attribute 'visibility' overrides 'private')
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "github_repository" "positive1" {
name = "example"
description = "My awesome codebase"
template {
owner = "github"
repository = "terraform-module-template"
}
}
resource "github_repository" "positive2" {
name = "example"
description = "My awesome codebase"
private = false
template {
owner = "github"
repository = "terraform-module-template"
}
}
resource "github_repository" "positive3" {
name = "example"
description = "My awesome codebase"
private = true
visibility = "public"
template {
owner = "github"
repository = "terraform-module-template"
}
}