Ensure GitHub organization security settings has IP allow list enabled
Description
This policy checks whether the IP allow list is enabled in the GitHub organization's security settings. With an IP allow list, the organization defines the set of IP addresses that may access its resources; requests from any other address are refused. Enabling it restricts access to the organization's resources and data, which reduces the risk of unauthorized access and limits the attack surface.
Code Example
```terraform
resource "github_organization_security_manager" "example" {
  ip_allow_list_for_installed_apps_enabled = true
}
```
Remediation
Enable IP allow list for installed apps in GitHub organization security settings.
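To confirm the setting after remediation, the organization's configuration can be read back and evaluated. The following is an added example, not code from this page or from Checkov: it assumes the two settings are read through the `ipAllowListEnabledSetting` and `ipAllowListForInstalledAppsEnabledSetting` fields of GitHub's GraphQL `Organization` object, and that this rule corresponds to the first of them. The responses are constructed samples, so it runs offline.

```python
import json

# Query for the two organization-level IP allow list settings.
QUERY = """
query($login: String!) {
  organization(login: $login) {
    ipAllowListEnabledSetting
    ipAllowListForInstalledAppsEnabledSetting
  }
}
"""

FIELDS = ("ipAllowListEnabledSetting", "ipAllowListForInstalledAppsEnabledSetting")
VERDICTS = {"ENABLED": "PASSED", "DISABLED": "FAILED"}


def evaluate_ip_allow_list(response: dict) -> dict:
    """Map each setting in a GraphQL response to PASSED, FAILED or UNKNOWN."""
    org = (response.get("data") or {}).get("organization")
    if response.get("errors") or not isinstance(org, dict):
        # Missing permissions or unknown org: never report this as a pass.
        return {field: "UNKNOWN" for field in FIELDS}
    result = {}
    for field in FIELDS:
        value = org.get(field)
        result[field] = VERDICTS.get(value, "UNKNOWN") if isinstance(value, str) else "UNKNOWN"
    return result


def rule_passes(response: dict) -> bool:
    """Assumed mapping: the rule passes only when the org allow list is enabled."""
    return evaluate_ip_allow_list(response)["ipAllowListEnabledSetting"] == "PASSED"


# Constructed sample responses (not captured from a real organization).
COMPLIANT = json.loads("""{"data": {"organization": {
    "ipAllowListEnabledSetting": "ENABLED",
    "ipAllowListForInstalledAppsEnabledSetting": "ENABLED"}}}""")
APPS_ONLY = json.loads("""{"data": {"organization": {
    "ipAllowListEnabledSetting": "DISABLED",
    "ipAllowListForInstalledAppsEnabledSetting": "ENABLED"}}}""")
NO_ACCESS = json.loads("""{"data": {"organization": null},
    "errors": [{"type": "FORBIDDEN", "message": "constructed error"}]}""")

if __name__ == "__main__":
    for name, resp in (("compliant", COMPLIANT), ("apps only", APPS_ONLY), ("no access", NO_ACCESS)):
        print(name, rule_passes(resp), evaluate_ip_allow_list(resp))
```

A response that carries errors or no organization object is reported as UNKNOWN rather than as a pass, so a token without sufficient access cannot hide a disabled allow list.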
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1041 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_3 |