GitHub repository defined in Terraform is not Private
Description
When you create a Cloud repository, you specify whether it's private or public, but you can also change this setting at any time. If your repository is public, anyone can access and fork it. If your repository is private, you can specify who exactly can access your repository and whether they can fork it.
Code Example
go
resource "github_repository" "example" {
name = "example"
description = "My awesome codebase"
+ visibility = "private"
template {
owner = "github"
repository = "terraform-template-module"
include_all_branches = true
}
}Remediation
*GitHub Warning: This may break references to the repository
- On GitHub.com, navigate to the repository.
- In the menu bar under the repository name click on Settings
- In the "Danger Zone" section, click on "Change repository visibility"
- Choose private
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1032 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_GIT_1 |