GitHub Repository Set To Public

• Query id: 15d8a7fd-465a-4d15-a868-add86552f17b
• Query name: GitHub Repository Set To Public
• Platform: Terraform
• Severity: Medium
• Category: Insecure Configurations
• URL: Github

Description

Repositories must be set to private, which means the attribute 'visibility' must be set to 'private' and/or the attribute 'private' must be set to true (the attribute 'visibility' overrides 'private')
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "github_repository" "positive1" {
  name        = "example"
  description = "My awesome codebase"

  template {
    owner = "github"
    repository = "terraform-module-template"
  }
}

resource "github_repository" "positive2" {
  name        = "example"
  description = "My awesome codebase"

  private = false

  template {
    owner = "github"
    repository = "terraform-module-template"
  }
}

resource "github_repository" "positive3" {
  name        = "example"
  description = "My awesome codebase"

  private = true
  visibility = "public"

  template {
    owner = "github"
    repository = "terraform-module-template"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "github_repository" "negative1" {
  name        = "example"
  description = "My awesome codebase"

  private = true

  template {
    owner = "github"
    repository = "terraform-module-template"
  }
}