科技回声

This is a tool for auditing github organizations including their repos, users, and teams. It is useful for compliance, security and auditing.

Unfortunately, it leaves a lot to be desired. I've actually had to do a fair bit of GH access reporting myself recently and I can recommend the GraphQL API as it allows you to properly list direct and indirect permissions on repositories (org + team + direct collaborator) that are alot harder to do with the REST API due to its inconsistent permissions model.

Why audit when you can declare all of this in Terraform? <a href="https://registry.terraform.io/providers/integrations/github/latest/docs" rel="nofollow">https://registry.terraform.io/providers/integrations/github/...</a>

Awesome! I built something like this for $JOB-1 too. Unfortunately didn't get to open source this before I left.<p>I built in an a mechanism for policy checks too, e.g. to check that only an allowed list of repositories was public, and that permissions were only assigned through teams.

How about using steampipe for this?

This is super helpful!

This is a tool for auditing github organizations including their repos, users, and teams. It is useful for compliance, security and auditing.

How about using steampipe for this?

This is super helpful!

Show HN: GitHub Org Audit Tool

5 条评论

Show HN: GitHub Org Audit Tool

5 条评论