89
edits
Changes
Initial creation of the GHE overview page
= IT GitHub Project Overview =
== Purpose ==
IT will be managing and supporting GitHub (GH) Organizations (Orgs) in order to better provide consistent support, security posture, and grow the capabilities. (e.g. SAML)
This is primarily accomplished via an IT team (ghe-admins@mozilla.com) having ownership rites in the org.
== IT Involvement in KTLO ==
IT admins will be involved in the following, plus other things, as needed:
* Membership maintenance (on-boarding and off-boarding.)
* Private repository creation/recording
** Private repositories are a cost concern, a privacy/security concern, and due to their being hidden, often go orphaned, so we record them so SOMEONE knows about them.
* Interfacing with GitHub support if needed
* Working with Incident Response and CPG around issues that concern them
== Managing Org Ownership permissions ==
One of the known security changes we're working to implement is to limit the number of people with org owner permissions wherever possible. As part of induction, we'll be reaching out to the people with owner permissions and asking if they need this (at all, and in light of the duties that IT is now taking on)
* There are auth0, and duo and GHE costs related to keeping them, and various bits of upkeep - so we would like to remove them where feasible.
* Any remaining org owners will be required to have a "root" account, separate from their "daily driver" or "mortal" account.
== Ways to Reach IT ==
* Bugzilla - Please don't mark it as fully confidential without cc'ing in someone from the ghe-admins@ group. https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Github%3A+Administration
* Matrix - https://matrix.to/#/#github-admin:mozilla.org
* Email - github-admins@mozilla.com
== Unifying Secops Posture ==
Secops has been involved in the day to day maintenance in several orgs, but with IT admins taking that over they are able to focus on policy and procedure and trying to make sure that while there may be several policies to follow, they're documented and standardized (or as similar as is reasonable) and documented in some form.
GHE/SAML
One of the goals of this is to make onboarding/offboarding more consistent. In that vein, we're migrating organizations to GitHub Enterprise (GHE) and working to enable SAML linkages to help us identify and communicate with them
More information on the specific GHE/SAML process, and questions around it can be found [[GitHub/GHE_SAML_Overview|here]].
== Purpose ==
IT will be managing and supporting GitHub (GH) Organizations (Orgs) in order to better provide consistent support, security posture, and grow the capabilities. (e.g. SAML)
This is primarily accomplished via an IT team (ghe-admins@mozilla.com) having ownership rites in the org.
== IT Involvement in KTLO ==
IT admins will be involved in the following, plus other things, as needed:
* Membership maintenance (on-boarding and off-boarding.)
* Private repository creation/recording
** Private repositories are a cost concern, a privacy/security concern, and due to their being hidden, often go orphaned, so we record them so SOMEONE knows about them.
* Interfacing with GitHub support if needed
* Working with Incident Response and CPG around issues that concern them
== Managing Org Ownership permissions ==
One of the known security changes we're working to implement is to limit the number of people with org owner permissions wherever possible. As part of induction, we'll be reaching out to the people with owner permissions and asking if they need this (at all, and in light of the duties that IT is now taking on)
* There are auth0, and duo and GHE costs related to keeping them, and various bits of upkeep - so we would like to remove them where feasible.
* Any remaining org owners will be required to have a "root" account, separate from their "daily driver" or "mortal" account.
== Ways to Reach IT ==
* Bugzilla - Please don't mark it as fully confidential without cc'ing in someone from the ghe-admins@ group. https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Github%3A+Administration
* Matrix - https://matrix.to/#/#github-admin:mozilla.org
* Email - github-admins@mozilla.com
== Unifying Secops Posture ==
Secops has been involved in the day to day maintenance in several orgs, but with IT admins taking that over they are able to focus on policy and procedure and trying to make sure that while there may be several policies to follow, they're documented and standardized (or as similar as is reasonable) and documented in some form.
GHE/SAML
One of the goals of this is to make onboarding/offboarding more consistent. In that vein, we're migrating organizations to GitHub Enterprise (GHE) and working to enable SAML linkages to help us identify and communicate with them
More information on the specific GHE/SAML process, and questions around it can be found [[GitHub/GHE_SAML_Overview|here]].
