Ensure internal repository creation is limited to specific members
Description
This policy checks whether internal repository creation is limited to specific members in a GitHub organization. It verifies that the organization's 'members_can_create_internal_repositories' setting is False, so that ordinary members cannot create internal repositories; organization owners keep that ability. Internal repositories are readable by every member of the enterprise (they exist only on GitHub Enterprise plans), so unrestricted creation lets any member publish code enterprise-wide and makes it harder to keep an inventory of which repositories exist and who owns them. Restricting creation keeps repository provisioning under the control of owners, which helps maintain oversight of the codebase and reduces the risk of unauthorized or malicious repositories.
Code Example
In the organization's settings, open 'Member privileges' and, under 'Repository creation', clear the option that allows members to create internal repositories, so that only owners can create them. The same setting is exposed in the REST API as the boolean 'members_can_create_internal_repositories' on the organization object returned by GET /orgs/{org}; a compliant organization returns false.
Remediation
Set 'members_can_create_internal_repositories' to False in the GitHub organization settings, either on the 'Member privileges' page or with PATCH /orgs/{org} and the body {"members_can_create_internal_repositories": false}, using a token that has the 'admin:org' scope (or the equivalent fine-grained organization administration permission). The setting applies only to organizations whose plan supports internal repositories; on other plans there is nothing to restrict.
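The check and remediation described above, as an added Python example (not code from the original page or from Checkov): it classifies organization payloads shaped like the GET /orgs/{org} response against the policy and builds the PATCH /orgs/{org} call that sets the flag to false. The sample payloads are constructed, the GH_TOKEN and GH_ORG environment variables and every function name are this example's assumptions, and treating an absent field as UNKNOWN rather than as a pass is a choice made here, not something the policy specifies.

```python
"""Audit the GitHub organization setting that gates internal repository creation and
build the remediation call, mirroring what this policy checks.

This is an added example, not code from the original page or from Checkov. The
SAMPLE_ORGS payloads are constructed to look like the JSON that GET /orgs/{org}
returns (only the fields this check reads are included); the GH_TOKEN/GH_ORG
environment variables and all helper names are this example's own choices.
"""
import json
import os
import urllib.request

SETTING = "members_can_create_internal_repositories"
API_URL = "https://api.github.com"

# Constructed sample organizations (not real data).
SAMPLE_ORGS = [
    {"login": "acme-locked", "plan": {"name": "enterprise"}, SETTING: False},
    {"login": "acme-open", "plan": {"name": "enterprise"}, SETTING: True},
    # Internal repositories exist only on Enterprise plans, so the field can be absent.
    {"login": "acme-free", "plan": {"name": "free"}},
]


def evaluate_org(org: dict) -> dict:
    """Classify one organization payload against the policy.

    PASS    the setting is present and False: only owners may create internal repos.
    FAIL    the setting is True: every member may create internal repos.
    UNKNOWN the setting is absent; reported rather than silently passed
            (this example's choice, not a rule taken from the policy text).
    """
    value = org.get(SETTING)
    if value is False:
        status = "PASS"
    elif value is True:
        status = "FAIL"
    else:
        status = "UNKNOWN"
    return {"org": org["login"], "status": status, SETTING: value}


def audit(orgs) -> list:
    """Evaluate every payload and return the findings in input order."""
    return [evaluate_org(org) for org in orgs]


def remediation_payload() -> dict:
    """Request body for PATCH /orgs/{org} that enforces the policy."""
    return {SETTING: False}


def _request(method: str, path: str, token: str, body=None) -> urllib.request.Request:
    """Build an authenticated GitHub REST request; the token needs admin:org for PATCH."""
    data = None if body is None else json.dumps(body).encode()
    return urllib.request.Request(
        f"{API_URL}{path}",
        data=data,
        method=method,
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "Content-Type": "application/json",
        },
    )


def fetch_org(login: str, token: str, opener=urllib.request.urlopen) -> dict:
    """GET /orgs/{login}. `opener` is injectable so the flow can be exercised offline."""
    with opener(_request("GET", f"/orgs/{login}", token)) as resp:
        return json.load(resp)


def remediate(login: str, token: str, opener=urllib.request.urlopen) -> int:
    """PATCH /orgs/{login} with the remediation payload and return the HTTP status."""
    req = _request("PATCH", f"/orgs/{login}", token, remediation_payload())
    with opener(req) as resp:
        return resp.status


if __name__ == "__main__":
    token, org_login = os.environ.get("GH_TOKEN"), os.environ.get("GH_ORG")
    # With credentials, audit (and fix) the real organization; otherwise use the samples.
    orgs = [fetch_org(org_login, token)] if token and org_login else SAMPLE_ORGS
    for finding in audit(orgs):
        print(f"{finding['org']:<12} {finding['status']:<8} {SETTING}={finding[SETTING]}")
        if finding["status"] == "FAIL" and token and org_login:
            print(f"  remediated: HTTP {remediate(finding['org'], token)}")
```

Run it with no environment variables to see the constructed samples classified; set GH_TOKEN (a token with the 'admin:org' scope) and GH_ORG to audit and fix a real organization. The injectable opener keeps network calls out of unit tests, and the UNKNOWN status makes a missing field visible instead of counting it as compliant.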
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1061 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_23 |