isabella232 / deprecated-patrol-rules-github

This project forked from mapbox/deprecated-patrol-rules-github

GitHub Patrol rules

License: BSD 2-Clause "Simplified" License

JavaScript 100.00%

deprecated-patrol-rules-github's Introduction

⚠️ DEPRECATED ⚠️

patrol-rules-github

A set of AWS Lambda functions implemented using lambda-cfn to monitor an organization's GitHub repositories and users for best practices, security and compliance. Part of the Mapbox Patrol security framework.

Deploying

Please see the lambda-cfn README.

Patrol Functions

The following functions are included with patrol-rules-github. Each function is configurable, and you will be prompted to enter configuration values when deploying the function with lambda-cfn.

2faDisabled

  • Description - Checks the GitHub organization for users with 2FA disabled.
  • Trigger - Scheduled, every 5 minutes.
  • Parameters
    • githubOrganization - Name of the GitHub organization to monitor.
    • githubToken - Personal GitHub access token. Must be created by an organization owner.
    • allowedList - A comma-separated list of users who are allowed to have 2FA disabled.

madePublic

  • Description - Alerts when a private repository in the organization is made public. Uses GitHub organizational webhooks, which must be configured to send events to the webhook URL. The GitHub webhook should be set to fire on events of type "public".
  • Trigger - Webhook
  • Parameters
    • none
  • Outputs
    • Webhook URL
  • GitHub Hooks - Enable Visibility changes and Repositories events.

privateRepoFork

  • Description - Alerts when a private repository in the organization is forked. Uses GitHub organizational webhooks, which must be configured to send events to the webhook URL. The GitHub webhook should be set to fire on events of type "fork".
  • Trigger - Webhook
  • Parameters
    • none
  • Outputs
    • Webhook URL

Webhook Configuration

Some of these rule functions (madePublic, privateRepoFork) rely on webhooks. Webhook URLs are automatically generated when deploying these rules to AWS. You can obtain these URLs by running lambda-cfn info <environment name> and checking the output section of the CloudFormation template.

Once you have the webhook URL you will need to create a GitHub organizational webhook. Only GitHub organization owners can create organizational webhooks. The Content Type for each webhook must be set to application/json and not the default application/x-www-form-urlencoded. You will also need to select individual events for each webhook rather than accept the default settings - see the rule function documentation for more details.
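
The sketch below is an added example, not code from patrol-rules-github: it shows how a receiver could decide whether a delivery should raise a madePublic or privateRepoFork alert, and why the application/json content type matters. The function name `classifyDelivery`, the result shape and the sample deliveries are hypothetical; the `X-GitHub-Event` header and the `repository`, `forkee` and `sender` payload fields are GitHub's.

```javascript
// Added example: hypothetical helper, not code from patrol-rules-github.
// Decides whether a GitHub organization webhook delivery should raise a
// madePublic or privateRepoFork alert, as those rules are described above.
function classifyDelivery(headers, body) {
  // HTTP header names are case-insensitive; normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // With the default application/x-www-form-urlencoded setting GitHub sends
  // the JSON inside a "payload" form field, so JSON.parse on the body fails.
  const type = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (type !== 'application/json') {
    return { alert: false, rule: null, error: 'content type must be application/json' };
  }
  let payload;
  try {
    payload = JSON.parse(body);
    if (payload === null || typeof payload !== 'object') throw new Error('not an object');
  } catch (err) {
    return { alert: false, rule: null, error: 'body is not a JSON object' };
  }

  const repo = payload.repository || {};
  const actor = (payload.sender || {}).login || 'unknown';
  const event = h['x-github-event'];
  if (event === 'public') {
    return { alert: true, rule: 'madePublic',
      summary: `${repo.full_name} was made public by ${actor}` };
  }
  if (event === 'fork' && repo.private === true) {
    const fork = (payload.forkee || {}).full_name || 'unknown';
    return { alert: true, rule: 'privateRepoFork',
      summary: `private repo ${repo.full_name} forked to ${fork} by ${actor}` };
  }
  // Pings, forks of public repositories, and event types no rule covers.
  return { alert: false, rule: null };
}

// Constructed sample deliveries (not captured from a real organization).
const samples = [
  [{ 'X-GitHub-Event': 'public', 'Content-Type': 'application/json' },
    '{"repository":{"full_name":"example-org/api","private":false},"sender":{"login":"alice"}}'],
  [{ 'X-GitHub-Event': 'fork', 'Content-Type': 'application/json' },
    '{"repository":{"full_name":"example-org/api","private":true},"forkee":{"full_name":"bob/api"},"sender":{"login":"bob"}}'],
  [{ 'X-GitHub-Event': 'fork', 'Content-Type': 'application/x-www-form-urlencoded' },
    'payload=%7B%22repository%22%3A%7B%7D%7D'],
];
for (const [headers, body] of samples) console.log(classifyDelivery(headers, body));
```

A delivery rejected for its content type is worth logging on the receiving side, since it usually means the webhook was created with GitHub's default setting and alerts are being lost.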

Contributing

Please see CONTRIBUTING.md.
