The GitHub Organization security scan on Vectrix detects a variety of security risks in a connected GitHub Organization that could be leaving you vulnerable. This includes organization misconfigurations, SOC 2 and/or ISO 27001 compliance violations, and other issues.
Scan on-demand to detect active organization security issues that you have.
Monitor continuously to get alerted about new organization security issues in the future.
Don't know how GitHub Organizations work? Read more below.
What this scan detects
Organization members without 2FA
Organization members who do not have two-factor authentication (2FA) configured run the risk of having their accounts compromised without the additional layer of security. This puts your entire organization at risk should a bad actor gain access to a member's account.
Organization members who are publicly visible
Companies often seek to maintain the privacy of their organization members on GitHub for a variety of reasons. This scan detects members who have their individual profile visibility set as Public, meaning that they can be seen as an organization member via the organization's profile.
Organization base permission set as 'Admin'
Setting an organization's base permission to 'Admin' is problematic because, by default, it gives every member full, administrator-level functionality, including organization and member management.
Disabled Organization 2FA requirement
When an organization's two-factor authentication (2FA) requirement is not enabled, new members are not forced to enable 2FA before they can join. This puts your entire organization at risk should a bad actor gain access to a member's account that lacks 2FA.
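The four checks above can be evaluated from data the GitHub REST API already exposes to an organization owner. The following is an added example, not Vectrix's own code: it assumes the caller has fetched `GET /orgs/{org}` (whose `two_factor_requirement_enabled` and `default_repository_permission` fields are only returned to owners), `GET /orgs/{org}/members?filter=2fa_disabled`, and `GET /orgs/{org}/public_members`, and evaluates the results offline against constructed sample data.

```python
# Added example (not Vectrix's code): evaluate the four organization checks
# against data already fetched from the GitHub REST API.
# Assumed inputs, fetched with an organization-owner token:
#   GET /orgs/{org}                              -> ORG_SETTINGS
#   GET /orgs/{org}/members?filter=2fa_disabled  -> MEMBERS_WITHOUT_2FA
#   GET /orgs/{org}/public_members               -> PUBLIC_MEMBERS
# The sample values at the bottom are constructed, not from a real organization.
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check: str
    detail: str


def evaluate_org(org: dict, members_without_2fa: list, public_members: list) -> list:
    """Return one Finding per failed check; an empty list means all four pass."""
    findings = []
    # two_factor_requirement_enabled is only returned to org owners; None means
    # the token could not see it, which is reported rather than silently passed.
    tfa_required = org.get("two_factor_requirement_enabled")
    if tfa_required is None:
        findings.append(Finding("org-2fa-requirement", "setting not visible to this token"))
    elif tfa_required is False:
        findings.append(Finding("org-2fa-requirement", "organization does not require 2FA"))
    # Base permission every member receives on every organization repository.
    if org.get("default_repository_permission") == "admin":
        findings.append(Finding("base-permission-admin", "all members get admin on all repositories"))
    # Members whose own account has no 2FA configured.
    for m in members_without_2fa:
        findings.append(Finding("member-without-2fa", m["login"]))
    # Members whose organization membership is publicly visible.
    for m in public_members:
        findings.append(Finding("member-publicly-visible", m["login"]))
    return findings


# Constructed sample: an organization failing every check.
ORG_SETTINGS = {"login": "example-org", "two_factor_requirement_enabled": False,
                "default_repository_permission": "admin"}
MEMBERS_WITHOUT_2FA = [{"login": "alice"}, {"login": "bob"}]
PUBLIC_MEMBERS = [{"login": "alice"}]


def demo() -> list:
    return evaluate_org(ORG_SETTINGS, MEMBERS_WITHOUT_2FA, PUBLIC_MEMBERS)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.check}: {f.detail}")
```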