Netskope

GitHub Predefined Rules



Each rule has the form "<object> [where <filter>] should [not] have <attribute> <operator> <value>"; an Organization, Repository or ConnectedApp that does not satisfy its rule is reported as a finding. In the time-window rules, isEarlierThan (-N, "days") matches timestamps older than N days, so "should not have pushed_at isEarlierThan (-30, "days")" flags repositories with no pushes in the last 30 days, while "should have created_at isEarlierThan (-1, "days")" flags repositories created within the last day.

| Name | Description | Service | Rule |
| --- | --- | --- | --- |
| Ensure no users have 2FA disabled | The organization should not have any users with 2FA disabled. | Github | Organization should have has_2fa_disable_users eq false |
| Ensure 2FA is required for the organization | The organization should require all users to have 2FA enabled. | Github | Organization should have two_factor_requirement_enabled eq true |
| Do not allow admin users to bypass branch protection rules | Admin users should not be allowed to bypass branch protection rules. | Github | Repository should have branch_protection_rule_bypass_admin_user eq false |
| Ensure no gists are public | The organization should not have any public gists. | Github | Organization should have public_gists_count eq 0 |
| Ensure branch protection rules prohibit deletion of the default branch | The repository should have a branch protection rule that prevents the default branch from being deleted. | Github | Repository should have default_branch.protection_rule.allow_deletions eq false |
| Disable force-pushing on the default branch | Force-pushing should not be allowed on the default branch. | Github | Repository should have default_branch.protection_rule.allow_force_pushes eq false |
| Ensure no administrators are inactive | The organization should have no inactive administrators (no activity for over 30 days). | Github | Organization should have has_inactive_admin_users eq false |
| Ensure there are no inactive repositories | There should be no inactive repositories (no pushes for over 30 days). | Github | Repository should not have pushed_at isEarlierThan (-30, "days") |
| Ensure there are no inactive users | The organization should have no inactive users (no activity for over 30 days). | Github | Organization should have has_inactive_users eq false |
| Ensure no new repositories exist | Ensure administrators are aware of any new repositories (created in the past day). | Github | Repository should have created_at isEarlierThan (-1, "days") |
| Ensure no new connected apps exist | Ensure administrators are aware of any new connected apps (created in the past day). | Github | ConnectedApp should have created_at isEarlierThan (-1, "days") |
| Ensure private repositories do not have any forks | A private repository should not have any forks. | Github | Repository where private eq true should have fork_count eq 0 |
| Ensure repositories are set to private | The repository should be set to private. | Github | Repository should have private eq true |
| Ensure branch protection rules are enabled for all branches in the repository | The repository should have a branch protection rule enabled for all branches. | Github | Repository should have branch_protection_enabled_for_all_branches eq true |
| Repositories should contain a CODEOWNERS file | The default branch of a repository should have a CODEOWNERS file. | Github | Repository should have default_branch.has_codeowners_file eq true |
| Repositories should contain a .gitignore file | The default branch of a repository should have a .gitignore file. | Github | Repository should have default_branch.has_gitignore_file eq true |
| Public repositories should have a LICENSE file | The default branch of a public repository should have a LICENSE file. | Github | Repository where private eq false should have default_branch.has_license_file eq true |
| Ensure connected apps do not have write access to organization administration | Administrators should not allow connected GitHub apps to have organization administration write access. Connected apps with this permission can modify organization settings and information. | Github | ConnectedApp should not have write_permissions has ("organization_administration") |
| Ensure Secrets Detection is enabled | Secret scanning should be enabled for the repository. | Github | Repository should have secret_scanning_enabled eq true |
| Dismiss stale pull request approvals on the repository's default branch | Stale pull request approvals should be dismissed when new commits are pushed to pull requests targeting the default branch. | Github | Repository should have default_branch.protection_rule.dismisses_stale_reviews eq true |
| Require at least 1 approving review for pull requests on the repository's default branch | Every pull request targeting the default branch should require at least 1 approving review. | Github | Repository should have default_branch.protection_rule.requires_approving_reviews eq true and default_branch.protection_rule.required_approving_review_count gte 1 |
| Require status checks to pass for pull requests on the repository's default branch | Every pull request targeting the default branch should require status checks to pass before merging. | Github | Repository should have default_branch.protection_rule.requires_status_checks eq true |
| Ensure the organization's default repository permission is not set to admin | GitHub organizations should not have the default repository permission set to admin. | Github | Organization should not have default_repository_permission eq "admin" |
| Ensure repository does not have any outside collaborators | The repository should not be accessible to outside collaborators. | Github | Repository should have has_outside_collaborators eq false |
| Ensure a public repository has a security policy enabled | The public repository should have a security policy enabled. | Github | Repository where private eq false should have is_security_policy_enabled eq true |
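The following is an added example, not Netskope's rule engine or rule syntax: it maps a subset of the rules above onto the fields that the GitHub REST API actually returns (GET /orgs/{org}, GET /repos/{owner}/{repo} and GET /repos/{owner}/{repo}/branches/{branch}/protection) and reports which rules each object would fail. It shows how the page's attributes correspond to API fields (fork_count to forks_count, branch_protection_rule_bypass_admin_user to enforce_admins, secret_scanning_enabled to security_and_analysis.secret_scanning.status), how the isEarlierThan (-N, "days") window behaves, and how an entirely unprotected default branch fails every protection-rule check. The two sample repositories, the sample organization and the fixed clock NOW are constructed for the example.

```python
"""Offline evaluator for a subset of the GitHub predefined rules listed above.

Added example, not Netskope's engine. The input documents mirror the shape of
GitHub REST API responses; all sample data below is constructed.
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock (assumption) so results are reproducible


def is_earlier_than(ts: str, days: int, now: datetime = NOW) -> bool:
    """Equivalent of the page's isEarlierThan(-days, "days") operator:
    true when the ISO-8601 timestamp lies before now minus `days`."""
    t = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return t < now - timedelta(days=days)


def check_org(org: dict) -> list[str]:
    """Organization-level rules; each comment names the page's rule expression."""
    findings = []
    if not org.get("two_factor_requirement_enabled"):        # two_factor_requirement_enabled eq true
        findings.append("2fa_required")
    if org.get("default_repository_permission") == "admin":  # not default_repository_permission eq "admin"
        findings.append("default_permission_admin")
    if org.get("public_gists", 0) != 0:                       # public_gists_count eq 0
        findings.append("public_gists")
    return findings


def check_repo(repo: dict, protection: dict | None, now: datetime = NOW) -> list[str]:
    """Repository-level rules. `protection` is the default branch's protection
    object from the API, or None when the branch has no protection rule."""
    findings = []
    if not repo.get("private"):                               # private eq true
        findings.append("repo_private")
    elif repo.get("forks_count", 0) > 0:                      # where private eq true ... fork_count eq 0
        findings.append("private_forks")
    if is_earlier_than(repo["pushed_at"], 30, now):           # should not have pushed_at isEarlierThan (-30, "days")
        findings.append("inactive_repo")
    if not is_earlier_than(repo["created_at"], 1, now):       # should have created_at isEarlierThan (-1, "days")
        findings.append("new_repo")
    scanning = (repo.get("security_and_analysis") or {}).get("secret_scanning", {})
    if scanning.get("status") != "enabled":                   # secret_scanning_enabled eq true
        findings.append("secret_scanning")

    # An unprotected default branch can be deleted or force-pushed by anyone with
    # write access, admins are not constrained, and no reviews or status checks are
    # required, so every protection-rule check fails when `protection` is None.
    protected = protection is not None
    p = protection or {}
    if not protected or p.get("allow_deletions", {}).get("enabled"):      # allow_deletions eq false
        findings.append("allow_deletions")
    if not protected or p.get("allow_force_pushes", {}).get("enabled"):   # allow_force_pushes eq false
        findings.append("allow_force_pushes")
    if not protected or not p.get("enforce_admins", {}).get("enabled"):   # branch_protection_rule_bypass_admin_user eq false
        findings.append("admin_bypass")
    reviews = p.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:             # required_approving_review_count gte 1
        findings.append("approving_reviews")
    if not reviews.get("dismiss_stale_reviews"):                          # dismisses_stale_reviews eq true
        findings.append("stale_reviews")
    if not p.get("required_status_checks"):                               # requires_status_checks eq true
        findings.append("status_checks")
    return findings


# Constructed sample documents (not real organizations or repositories).
SAMPLE_ORG = {
    "login": "example-org",
    "two_factor_requirement_enabled": False,
    "default_repository_permission": "admin",
    "public_gists": 0,
}

SAMPLE_REPOS = {
    "billing-service": (
        {"private": True, "forks_count": 2,
         "pushed_at": "2024-05-30T09:00:00Z", "created_at": "2024-05-31T12:00:00Z",
         "security_and_analysis": {"secret_scanning": {"status": "enabled"}}},
        {"allow_deletions": {"enabled": False},
         "allow_force_pushes": {"enabled": True},
         "enforce_admins": {"enabled": True},
         "required_pull_request_reviews": {"required_approving_review_count": 1,
                                           "dismiss_stale_reviews": False},
         "required_status_checks": {"strict": True, "contexts": ["ci/build"]}},
    ),
    "old-demo": (
        {"private": False, "forks_count": 10,
         "pushed_at": "2024-03-01T00:00:00Z", "created_at": "2023-01-01T00:00:00Z",
         "security_and_analysis": None},
        None,  # no branch protection rule on the default branch at all
    ),
}


def evaluate(org: dict = SAMPLE_ORG, repos: dict = SAMPLE_REPOS) -> dict[str, list[str]]:
    """Return the failed rules per object: {"org": [...], "<repo name>": [...]}."""
    report = {"org": check_org(org)}
    for name, (repo, protection) in repos.items():
        report[name] = check_repo(repo, protection)
    return report


if __name__ == "__main__":
    for obj, failed in evaluate().items():
        print(f"{obj}: {', '.join(failed) or 'compliant'}")
```

To run this against a live organization, replace the constructed documents with the JSON from the three endpoints named above (the protection endpoint returns 404 for an unprotected branch, which is the None case here) and keep NOW as the real current time. Rules that depend on Netskope-derived attributes with no single API field (inactive users, outside collaborators, CODEOWNERS presence) are deliberately not modelled.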