Ensure GitHub organization webhooks are using HTTPS
Description
This policy checks whether GitHub organization webhooks are using HTTPS. It's essential to use HTTPS for webhooks to prevent eavesdropping, tampering, and man-in-the-middle attacks. Using HTTP for webhooks can expose sensitive information, such as secrets and authentication tokens. By ensuring webhooks use HTTPS, organizations can protect their data and maintain the integrity of their GitHub workflows.
Code Example
```json
{"config": {"url": "https://example.com/webhook", "insecure_ssl": "0"}}
```
Remediation
Ensure the webhook `url` starts with `https` and insecure SSL is disabled (`insecure_ssl` set to `"0"`).
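The following is an added example, not Checkov's own implementation of this rule: a Python audit that applies the two conditions above to a list of webhook objects. The function names and the sample hooks are constructed for illustration, and a missing `insecure_ssl` key is treated as GitHub's default of `"0"` (certificate verification on).

```python
from urllib.parse import urlsplit

# Constructed sample data, shaped like the "config" object shown above.
SAMPLE_HOOKS = [
    {"id": 1, "config": {"url": "https://example.com/webhook", "insecure_ssl": "0"}},
    {"id": 2, "config": {"url": "http://example.com/webhook", "insecure_ssl": "0"}},
    {"id": 3, "config": {"url": "https://example.com/webhook", "insecure_ssl": "1"}},
    {"id": 4, "config": {"url": "HTTPS://example.com/webhook", "insecure_ssl": 0}},
    {"id": 5, "config": {"url": "https://example.com/webhook"}},
    {"id": 6, "config": {}},
]


def webhook_findings(hook):
    """Return the reasons a webhook fails the policy (empty list = pass)."""
    config = hook.get("config") or {}
    findings = []

    # Parse the URL rather than prefix-matching, so mixed-case schemes
    # and empty or host-less values are handled consistently.
    url = str(config.get("url") or "").strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        findings.append("url is not an https:// URL")

    # insecure_ssl may arrive as a string or a number; anything other
    # than 0 means the receiver's certificate is not verified.
    # Assumption: a missing key falls back to GitHub's default of "0".
    insecure_ssl = str(config.get("insecure_ssl", "0")).strip()
    if insecure_ssl != "0":
        findings.append("insecure_ssl is enabled")

    return findings


def failing_hooks(hooks):
    """Map webhook id -> findings for every webhook that fails the policy."""
    report = {}
    for hook in hooks:
        findings = webhook_findings(hook)
        if findings:
            report[hook.get("id")] = findings
    return report


if __name__ == "__main__":
    for hook_id, reasons in failing_hooks(SAMPLE_HOOKS).items():
        print(f"webhook {hook_id}: {'; '.join(reasons)}")
```

A webhook that uses `https` but sets `insecure_ssl` to `"1"` still fails, because without certificate verification the delivery is not protected against man-in-the-middle attacks.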
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1044 |
| Severity | HIGH |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_6 |