Confirmed users
1,364
edits
GitHub/Repository Security: Difference between revisions
Jump to navigation
Jump to search
m
replace unexpanded entities with hard quotes
m (removed unsupported source syntax language) |
m (replace unexpanded entities with hard quotes) |
||
| Line 1: | Line 1: | ||
= Overview and Purpose = | = Overview and Purpose = | ||
GitHub is a wonderful ecosystem with many extensions to make certain workflows easier. However, if you are in the 1% that host a | GitHub is a wonderful ecosystem with many extensions to make certain workflows easier. However, if you are in the 1% that host a "sensitive" repository on GitHub, you may want to follow the suggestions below. | ||
The permissions model on GitHub, especially for older OAuth authenticated apps, is quite broad -- what you enable for one project applies to all projects you have access to. | The permissions model on GitHub, especially for older OAuth authenticated apps, is quite broad -- what you enable for one project applies to all projects you have access to. | ||
| Line 26: | Line 26: | ||
; Elevated Permissions: | ; Elevated Permissions: | ||
: Any permission not available to a logged in GitHub member. For public repositories, this is | : Any permission not available to a logged in GitHub member. For public repositories, this is "push" access (which includes the ability to assign issues). For private repositories, it also includes the ability to read the repository. | ||
; Production Branch: | ; Production Branch: | ||
: Any branch that generates a release that is supported in some way. | : Any branch that generates a release that is supported in some way. | ||
; Release: | ; Release: | ||
: Any distribution of the code, or artifacts generated from the code, for external use. | : Any distribution of the code, or artifacts generated from the code, for external use. "Release" includes deployments to staging or production hardware, "code drops" into another project, and similar milestones. | ||
= Guidelines = | = Guidelines = | ||