Property
Language: terraform
Severity: critical
Service: repositories
Provider: GitHub
Vulnerability Type: omission

Description

The configuration allows a GitHub repository to be public, making all its contents accessible to anyone on the internet. Sensitive code, credentials, or intellectual property stored in the repository are exposed without restriction.

Impact

Attackers or unauthorized users can freely access, copy, and distribute the repository’s contents, potentially leading to data leaks, intellectual property theft, or compromise of other systems if secrets are exposed.

Resolution

Make sensitive or commercially important repositories private.
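
The following configuration is an added example, not part of the original rule page. It shows the omission this rule flags next to the corrected setting for the GitHub provider's `github_repository` resource. The repository names and descriptions are hypothetical; the provider creates repositories as public when `visibility` is left unset.

```hcl
terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

# Non-compliant (omission): no visibility argument is given, so the
# provider default applies and the repository is created as public.
resource "github_repository" "billing_service" {
  name        = "billing-service" # hypothetical name
  description = "Internal billing service"
}

# Non-compliant (explicit): the repository is declared public.
resource "github_repository" "deploy_scripts" {
  name       = "deploy-scripts" # hypothetical name
  visibility = "public"
}

# Compliant: visibility is stated explicitly, so the repository does not
# fall back to the public default.
resource "github_repository" "payments_api" {
  name        = "payments-api" # hypothetical name
  description = "Internal payments API"
  visibility  = "private"
}
```

Setting `visibility` explicitly on every `github_repository` resource, including intentionally public ones, makes the exposure decision visible in code review instead of leaving it to the default.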