private
Default Severity: critical
Explanation
Github repository should be set to be private.
You can do this by either setting private
attribute to 'true' or visibility
attribute to 'internal' or 'private'.
Possible Impact
Anyone can read the contents of the GitHub repository and leak IP
Suggested Resolution
Make sensitive or commercially important repositories private
Insecure Example
The following example will fail the github-repositories-private check.
resource "github_repository" "bad_example" {
name = "example"
description = "My awesome codebase"
visibility = "public"
template {
owner = "github"
repository = "terraform-module-template"
}
}
Secure Example
The following example will pass the github-repositories-private check.
resource "github_repository" "good_example" {
name = "example"
description = "My awesome codebase"
visibility = "private"
template {
owner = "github"
repository = "terraform-module-template"
}
}