Ensure GitHub repository webhooks are using HTTPS
Description
This policy checks whether GitHub repository webhooks are using HTTPS. It is essential to use HTTPS for webhooks to prevent eavesdropping, tampering, and man-in-the-middle attacks. Using HTTP for webhooks can expose sensitive information, such as repository updates and user data. By ensuring webhooks use HTTPS, the integrity and confidentiality of the data exchanged between the repository and the webhook endpoint are maintained.
Code Example
```json
{"config": {"url": "https://example.com/webhook", "insecure_ssl": "0"}}
```
Remediation
Ensure the webhook URL starts with 'https' and the 'insecure_ssl' configuration is set to '0'.
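The following is an added example, not Checkov's implementation and not part of the original policy page, that applies the remediation rule above to a list of webhook objects. The sample hooks are constructed, the function names `check_hook` and `audit_hooks` are hypothetical, and reporting a missing `insecure_ssl` as a finding is an assumption.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: webhook objects in the same shape as the config example above.
SAMPLE_HOOKS = json.loads("""
[
  {"id": 1, "config": {"url": "https://example.com/webhook", "insecure_ssl": "0"}},
  {"id": 2, "config": {"url": "http://example.com/webhook", "insecure_ssl": "0"}},
  {"id": 3, "config": {"url": "https://example.com/webhook", "insecure_ssl": "1"}},
  {"id": 4, "config": {"url": "HTTPS://example.com/webhook", "insecure_ssl": 0}},
  {"id": 5, "config": {"url": "httpsx://example.com/webhook"}}
]
""")


def check_hook(hook):
    """Return a list of findings for one webhook; an empty list means compliant."""
    config = hook.get("config") or {}
    findings = []
    parts = urlsplit(str(config.get("url", "")))
    # Compare the parsed scheme, not a string prefix: "httpsx://" starts with "https".
    if parts.scheme != "https" or not parts.netloc:
        findings.append("url scheme is not https")
    # The flag may arrive as a string or a number; normalise before comparing.
    # Assumption: a missing flag is reported so that the setting is explicit.
    flag = config.get("insecure_ssl")
    if flag is None:
        findings.append("insecure_ssl is not set")
    elif str(flag).strip() != "0":
        findings.append("insecure_ssl disables certificate verification")
    return findings


def audit_hooks(hooks):
    """Map hook id -> findings for every non-compliant webhook."""
    report = {}
    for hook in hooks:
        findings = check_hook(hook)
        if findings:
            report[hook.get("id")] = findings
    return report


if __name__ == "__main__":
    for hook_id, findings in audit_hooks(SAMPLE_HOOKS).items():
        print(f"hook {hook_id}: {'; '.join(findings)}")
```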
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1045 |
| Severity | HIGH |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_7 |