Github Security

Reference

• https://help.github.com/articles/github-security/
• https://help.github.com/articles/what-are-the-different-access-permissions/
• https://help.github.com/articles/keeping-your-organization-secure/

Case Studies

• Kakao : https://enterprise.github.com/case-studies/kakao
• NASA JPL : https://enterprise.github.com/case-studies/jpl
• SAP : https://enterprise.github.com/case-studies/sap

기본적으로 Repository를 Clone 할 수 있는 URL에는 HTTPS 와 SSH가 있다.

HTTP or HTTPS Permission (Only Private Repository)

➜ git git clone https://github.com/yogiyo/Yogiyo_Web Cloning into 'Yogiyo_Web'... Username for 'https://github.com':   ➜ git git clone https://github.com/yogiyo/Yogiyo_Web Cloning into 'Yogiyo_Web'... Username for 'https://github.com': wingsh Password for 'https://wingsh@github.com': remote: Invalid username or password. fatal: Authentication failed for 'https://github.com/yogiyo/Yogiyo_Web/'

SSH Key Permission

➜ git git clone git@github.com:atto-test/atto-test.git Cloning into 'atto-test'... The authenticity of host 'github.com (192.30.252.130)' can't be established. RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'github.com,192.30.252.130' (RSA) to the list of known hosts. Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

SSH Key 제거 후, 접근 시 https://github.com/yogiyo/Yogiyo_Web/pull/2804#issuecomment-217333654

그러나 Private Repository라도 해당 Repository에 Access 할 수 있다면 Clone 또는 Download ZIP 기능을 사용할 수 있으니 주의해야 한다.

개인이 보안을 강화할 수 있는 방법에는 2단계 인증이 있다.

2단계 인증(Two-Factor authentication)

Github 계정을 가지고 있다면, 개인 계정의 ssh key를 Settings > SSH and GPG keys > SSH keys에 넣으면 되고,

없을 경우엔 Repository > Settings > Deploy keys에 넣으면 된다.

Audit

https://github.com/organizations/atto-test/settings/audit-log

Block users

https://github.com/organizations/atto-test/settings/user_blocks

Permission level for an organization

	Owners	Members
Desription	Full administrative access	Customizable access
See all other members
Create teams
Mention teams
See all teams
See all repositories
Create repositories
Invite new members
Access to billing

Repository permission levels for an organization

Repository action	Read permissions	Write permissions	Admin permissions	Owner permissions
Pull (read), push (write), and clone (copy) all repositories in the organization
Promote organization members to team maintainer
Convert organization members to outside collaborators
Create repositories (see "Creating repositories" for details)
Delete repositories (see "Deleting repositories" for details)
Change a repository's settings (see "Changing repository settings" for details)
Change a repository's visibility
Transfer repositories into, and out of, the organization account
Add a repository to a team (see "Adding a repository to a team" for details)
Add outside collaborators to a repository
Pull from (read) the team's assigned repositories
Push to (write) the team's assigned repositories
Fork (copy) the team's assigned repositories
Send pull requests from forks of the team's assigned repositories
Merge and close pull requests
Open issues
Close, reopen, and assign issues
Close issues they opened themselves
Apply labels and milestones
Have an issue assigned to them
Create and edit releases
View draft releases
View published releases
Edit and delete their own comments on commits, pull requests, and issues
Edit and delete anyone's comments on commits, pull requests, and issues
Edit wikis
Create statuses