Security Policy violation Outside Collaborators
google-allstar-prod opened this issue · 12 comments
This issue was automatically created by Allstar.
Security Policy Violation
Found 3 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
This issue will auto resolve when the policy is in compliance.
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.
The policy result has been updated.
Found 2 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
The policy result has been updated.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Updating issue after ping interval. See its status below.
Found 1 outside collaborators with admin access.
This policy requires users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.
- Remove the user from the repository-based access. From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository)
OR
- Invite the user to join your organisation. Click your profile photo and choose “Your Organization” → choose the org name → “People” → “Invite Member.” (For more information, see https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.
OR
- Exempt the user by adding an exemption to your organization-level Outside Collaborators configuration file.
Policy is now in compliance. Closing issue.