Security Policy violation Outside Collaborators

gsa-tts-allstar[bot] commented 1 month ago

This issue was automatically created by Allstar.

Security Policy Violation Found 2 outside collaborators with push access. Found 1 outside collaborators with admin access. This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.

Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access. (For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)

OR

Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)

If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.

OR

Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.

Issue created by GSA-TTS Allstar. See remediation hints in the README.

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

gsa-tts-allstar[bot] commented 1 month ago

Updating issue after ping interval. See its status below.

Found 2 outside collaborators with push access. Found 1 outside collaborators with admin access. This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.

Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access. (For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)

OR

Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)

If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.

OR

Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.

gsa-tts-allstar[bot] commented 1 month ago

Updating issue after ping interval. See its status below.

Found 2 outside collaborators with push access. Found 1 outside collaborators with admin access. This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.

Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access. (For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)

OR

Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)

If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.

OR

Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.

gsa-tts-allstar[bot] commented 1 month ago

Updating issue after ping interval. See its status below.

Found 2 outside collaborators with push access. Found 1 outside collaborators with admin access. This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.

Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access. (For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)

OR

Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)

If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.

OR

Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.

gsa-tts-allstar[bot] commented 4 weeks ago

Updating issue after ping interval. See its status below.

Found 2 outside collaborators with push access. Found 1 outside collaborators with admin access. This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.

Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access. (For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)

OR

Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)

If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.

OR

Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.

GSA-TTS / all_sorns

Security Policy violation Outside Collaborators #768