The GitHub Repository security scan on Vectrix detects repository security risks in a connected GitHub organization, including repository misconfigurations, SOC 2 and/or ISO 27001 compliance violations, and other issues.
Scan on demand to detect the repository security issues present right now.
Monitor continuously to be alerted when new repository security issues appear.
Don't know how GitHub Repositories work? Read more below.
What this scan detects
Public repositories
Detect repositories whose visibility is set to 'Public', meaning anyone on the internet can read and clone them without authentication. This is a problem when the code and/or data in the repository are sensitive or intended for internal use only; this is also the setting under which accidentally committed secrets are exposed to everyone.
Outside collaborators with repository access
An outside collaborator is a GitHub user who is not a member of your organization but has been granted some level of access (read, triage, write, maintain or admin) to a specific repository. Because such users are not organization members, they sit outside your organization's membership controls, and each one should be an explicitly approved exception. An unexpected outside collaborator may indicate unauthorized access by an individual outside your team or company.
Default branches without branch protection
When a repository's default branch has no branch protection enabled, it is at greater risk of inappropriate or unauthorized activity: changes can be pushed or merged without required reviews and approvals, history can be rewritten with force pushes, and the branch can be deleted. Because unreviewed changes to production code undermine change-management controls, this can also produce SOC 2 compliance violations.
GitHub user added or removed
Get alerted when a user is granted access to, or removed from, a repository. An unexpected change can indicate unauthorized activity in a repository. Use Monitoring to receive this finding.
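The four checks above can be expressed as detection logic over data returned by the GitHub REST API. The following is an added example written for this page, not Vectrix's own code. It assumes the response field names of the public GitHub REST API (`full_name`, `private`, `visibility`, `default_branch` on repository objects; `required_pull_request_reviews` and `allow_force_pushes` on the branch-protection object; `login` and `role_name` on collaborator objects) and that a fetcher maps GitHub's 404 "Branch not protected" response to `None`. The fetch callables and all sample data are constructed for the example.

```python
"""Repository posture checks over GitHub REST API-shaped data.

Added example (not Vectrix's code). Input shapes follow the GitHub REST API:
  repositories           GET /orgs/{org}/repos
  branch protection      GET /repos/{owner}/{repo}/branches/{branch}/protection
                         (GitHub answers 404 "Branch not protected" when absent;
                         the fetcher is assumed to map that to None)
  outside collaborators  GET /repos/{owner}/{repo}/collaborators?affiliation=outside
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Finding:
    repo: str
    rule: str
    detail: str


def evaluate_repository(repo: dict, protection: Optional[dict],
                        outside_collaborators: list[dict]) -> list[Finding]:
    """Apply the on-demand checks to one repository."""
    name = repo["full_name"]
    findings: list[Finding] = []

    # 1. Public visibility. Older responses only carry `private`; newer ones also
    #    carry `visibility` (public/private/internal), which is preferred here.
    visibility = repo.get("visibility") or ("private" if repo.get("private") else "public")
    if visibility == "public":
        findings.append(Finding(name, "public-repository",
                                "visibility is 'public': anyone can read and clone it"))

    # 2. Outside collaborators. Everyone returned with affiliation=outside is a
    #    non-member of the organization; `role_name` is the permission granted.
    for user in outside_collaborators:
        findings.append(Finding(name, "outside-collaborator",
                                f"{user['login']} has {user.get('role_name', 'unknown')} access"))

    # 3. Default branch protection. No protection object means the branch is
    #    wide open; a present one can still be weak, so inspect its settings.
    branch = repo.get("default_branch", "main")
    if protection is None:
        findings.append(Finding(name, "unprotected-default-branch",
                                f"default branch '{branch}' has no branch protection"))
    else:
        if not protection.get("required_pull_request_reviews"):
            findings.append(Finding(name, "no-required-reviews",
                                    f"'{branch}' accepts pushes without a reviewed pull request"))
        if protection.get("allow_force_pushes", {}).get("enabled"):
            findings.append(Finding(name, "force-push-allowed",
                                    f"history on '{branch}' can be rewritten"))
    return findings


def diff_collaborators(previous: dict[str, set[str]],
                       current: dict[str, set[str]]) -> list[Finding]:
    """Monitoring check: compare two snapshots of repo -> collaborator logins and
    report who was granted or lost access. (In production the same signal comes
    from the organization audit log's repo.add_member / repo.remove_member events.)"""
    findings: list[Finding] = []
    for repo in sorted(set(previous) | set(current)):
        before, after = previous.get(repo, set()), current.get(repo, set())
        for login in sorted(after - before):
            findings.append(Finding(repo, "user-added", f"{login} was granted access"))
        for login in sorted(before - after):
            findings.append(Finding(repo, "user-removed", f"{login} lost access"))
    return findings


def scan_organization(repos: list[dict],
                      fetch_protection: Callable[[str], Optional[dict]],
                      fetch_outside: Callable[[str], list[dict]]) -> list[Finding]:
    """Run the on-demand checks across every repository of an organization.
    The fetchers are injected so that real API clients or offline fixtures can be used."""
    findings: list[Finding] = []
    for repo in repos:
        name = repo["full_name"]
        findings.extend(evaluate_repository(repo, fetch_protection(name), fetch_outside(name)))
    return findings


# --- constructed sample data standing in for API responses ---------------------
SAMPLE_REPOS = [
    {"full_name": "acme/billing", "private": True, "visibility": "private", "default_branch": "main"},
    {"full_name": "acme/website", "private": False, "visibility": "public", "default_branch": "master"},
]
SAMPLE_PROTECTION = {
    "acme/billing": {"required_pull_request_reviews": {"required_approving_review_count": 2},
                     "allow_force_pushes": {"enabled": False}},
    "acme/website": None,  # GitHub returned 404 "Branch not protected"
}
SAMPLE_OUTSIDE = {
    "acme/billing": [{"login": "contractor-jane", "role_name": "write"}],
    "acme/website": [],
}


def run_sample() -> list[Finding]:
    """Scan the constructed organization; returns one finding per detected issue."""
    return scan_organization(SAMPLE_REPOS, SAMPLE_PROTECTION.get,
                             lambda name: SAMPLE_OUTSIDE.get(name, []))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.repo}: [{f.rule}] {f.detail}")
```

Injecting the fetchers keeps the rule logic testable offline; wiring it to a real organization means replacing the two lambdas with authenticated calls to the endpoints named in the module docstring and treating a 404 on the protection endpoint as "unprotected" rather than as an error.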