About this guide
As an organization owner, you should treat preventing the exposure of private or sensitive data as a top priority. Whether intentional or accidental, data leaks can cause substantial risk to the parties involved. While GitHub takes measures to help protect you against data leaks, you are also responsible for administering your organization to harden its security.
There are several key components when it comes to defending against data leaks:
- Taking a proactive approach towards prevention
- Early detection of possible leaks
- Maintaining a mitigation plan when an incident occurs
The best approach will depend on the type of organization you're managing. For example, an organization that focuses on open source development might require looser controls than a fully commercial organization, to allow for external collaboration. This article provides high-level guidance on the GitHub features and settings to consider, which you should implement according to your needs.
Secure accounts
Protect your organization's repositories and settings by implementing security best practices, including enabling 2FA and requiring it for all members, and establishing strong password guidelines:
- Requiring organization members, outside collaborators, and billing managers to enable 2FA for their personal accounts, making it harder for malicious actors to access an organization's repositories and settings. For more information, see Requiring two-factor authentication in your organization.
- Encouraging your users to create strong passwords and secure them appropriately, by following GitHub's recommended password guidelines. For more information, see Creating a strong password.
- Establishing an internal security policy in GitHub, so users know the appropriate steps to take and who to contact if an incident is suspected. For more information, see Adding a security policy to your repository.
For more detailed information about securing accounts, see Best practices for securing accounts.
Prevent data leaks
As an organization owner, you should limit and review access as appropriate for the type of your organization. Consider the following settings for tighter control:
| Recommendation | More information |
|---|---|
| Disable the ability to fork repositories. | Managing the forking policy for your organization |
| Disable changing repository visibility. | Restricting repository visibility changes in your organization |
| Restrict repository creation to private or internal. | Restricting repository creation in your organization |
| Disable repository deletion and transfer. | Setting permissions for deleting or transferring repositories |
| Disable the ability to use deploy keys. | Restricting deploy keys in your organization |
| Scope personal access tokens to the minimum permissions necessary. | None |
| Secure your code by converting public repositories to private whenever appropriate. You can alert the repository owners of this change automatically using a GitHub App. | Prevent-Public-Repos in GitHub Marketplace |
| Confirm your organization's identity by verifying your domain and restricting email notifications to only verified email domains. | Verifying or approving a domain for your organization and Restricting email notifications for your organization |
| Help contributors avoid accidentally committing sensitive files, for example by committing a `.gitignore` that excludes them. | Removing sensitive data from a repository |
Detect data leaks
No matter how well you tighten your organization to prevent data leaks, some may still occur. You can detect them early by using secret scanning, the audit log, and branch protection rules.
Use secret scanning
Secret scanning helps secure code and keep secrets safe across organizations and repositories by scanning for secrets that were accidentally committed, over the full Git history of every branch in GitHub repositories. Any strings that match the patterns supported by secret scanning, or custom patterns defined by you or your organization, are reported as alerts in the Security tab of the repository.
Your site administrator must enable secret scanning for your instance before you can use this feature. For more information, see Configuring secret scanning for your appliance.
For more information about secret scanning, see About secret scanning.
You can also enable secret scanning as a push protection for a repository or organization. When this feature is enabled, secret scanning blocks contributors from pushing code that contains a detected secret. For more information, see About push protection. Finally, you can extend detection to cover your own secret formats by defining custom patterns. For more information, see Defining custom patterns for secret scanning.
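To make the preceding paragraphs concrete, here is an added example (written for this page, not GitHub's own implementation) of a minimal push-protection style scan. It checks the files of a push against two provider-style patterns and one custom pattern, blocks the push unless a bypass reason is given, and walks a constructed commit history to show why scanning "the full history" still finds a secret that HEAD no longer contains. GitHub's real detection patterns are not reproduced: the two provider regexes use the publicly documented shapes of a GitHub personal access token and an AWS access key ID, and `acme_internal_api_token` is a hypothetical custom pattern. All sample contents are constructed; the AWS key is the example key from AWS's own documentation, not a live credential.

```python
"""Added example: push-protection style secret scan with a custom pattern."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Pattern:
    name: str
    regex: re.Pattern
    custom: bool = False


PATTERNS = [
    # Publicly documented token shapes; GitHub's real provider patterns are not public.
    Pattern("github_personal_access_token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    Pattern("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # Hypothetical custom pattern: "acme_" + 32 lowercase hex characters. The
    # lookbehind/lookahead play the role of the "before secret" / "after secret"
    # context fields of a custom pattern and stop partial matches inside longer tokens.
    Pattern("acme_internal_api_token",
            re.compile(r"(?<![A-Za-z0-9_])acme_[0-9a-f]{32}(?![A-Za-z0-9])"), custom=True),
]


@dataclass(frozen=True)
class Alert:
    pattern: str
    path: str
    line: int
    preview: str  # first and last four characters only; never log the whole secret


def redact(secret: str) -> str:
    return secret[:4] + "..." + secret[-4:]


def scan_blob(path: str, content: str, patterns=PATTERNS) -> List[Alert]:
    """Return one alert per pattern match in a single file's content."""
    alerts = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        for pat in patterns:
            for match in pat.regex.finditer(line):
                alerts.append(Alert(pat.name, path, lineno, redact(match.group(0))))
    return alerts


def scan_files(files: Dict[str, str], patterns=PATTERNS) -> List[Alert]:
    """Scan every file in a push (path -> content) and collect all alerts."""
    alerts: List[Alert] = []
    for path, content in files.items():
        alerts.extend(scan_blob(path, content, patterns))
    return alerts


def push_protection(files: Dict[str, str], bypass_reason: Optional[str] = None) -> Tuple[bool, List[Alert]]:
    """Block the push when any secret is detected, unless the pusher supplied a bypass
    reason (push protection lets authorised users bypass with a justification)."""
    alerts = scan_files(files)
    allowed = not alerts or bypass_reason is not None
    return allowed, alerts


def first_introduced(history: List[dict]) -> Dict[Tuple[str, str], str]:
    """Walk a history (oldest first, entries {"sha": ..., "files": {...}}) and record the
    first commit that introduced each distinct (pattern, redacted secret). A secret that
    was later deleted from HEAD is still reported, which is the point of full-history scanning."""
    seen: Dict[Tuple[str, str], str] = {}
    for commit in history:
        for alert in scan_files(commit["files"]):
            seen.setdefault((alert.pattern, alert.preview), commit["sha"])
    return seen


# Constructed sample push and history; no real credentials.
SAMPLE_PUSH = {
    "config/settings.py": "DEBUG = False\nAWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n",
    "scripts/deploy.sh": "export GH_TOKEN=ghp_" + "a" * 36 + "\n",
    "src/client.py": "TOKEN = 'acme_" + "0123456789abcdef" * 2 + "'\n",
    "README.md": "The prefix acme_ on its own is not a token.\n",
}
SAMPLE_HISTORY = [
    {"sha": "c0ffee1", "files": {"README.md": "initial\n"}},
    {"sha": "c0ffee2", "files": SAMPLE_PUSH},
    {"sha": "c0ffee3", "files": {"config/settings.py": "DEBUG = False\n"}},  # secret removed from HEAD
]

if __name__ == "__main__":
    allowed, alerts = push_protection(SAMPLE_PUSH)
    print("push allowed:", allowed)
    for a in alerts:
        print(f"  {a.pattern}: {a.path}:{a.line} {a.preview}")
    for (pattern, preview), sha in first_introduced(SAMPLE_HISTORY).items():
        print(f"{pattern} {preview} first appeared in {sha}")
```

The redacted preview is deliberate: an alert pipeline that copies the full secret into tickets or chat creates a second leak. The custom pattern's context constraints matter in practice too; without them a 32-hex-character pattern would fire on every commit hash in the repository.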
Review the audit log for your organization
You can also proactively secure IP and maintain compliance for your organization by reviewing your organization's audit log, either in the web interface or through the GraphQL Audit Log API. For more information, see Reviewing the audit log for your organization and Interfaces.
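An audit log review is only useful if you know which events to look for. The following is an added example (not GitHub's code) that triages an organization audit log export in JSON-lines form for the events most relevant to this guide: a repository made public, a deploy key added, a repository transferred or deleted, a branch protection rule removed, or the 2FA requirement disabled. It also flags any actor who generates several such events within a short window, which is the shape a compromised account or a departing insider tends to produce. Assumptions: each event carries `action`, `actor`, `repo` and an epoch-millisecond `@timestamp`, and `repo.access` events carry the new `visibility`; the action names follow the audit log event list, and the sample lines are constructed for this demo, including one deliberately truncated line.

```python
"""Added example: triage an organization audit log export for leak-related events."""
import json
from collections import defaultdict

# Actions that deserve review whenever they occur. repo.access is handled
# separately because only a change *to* public is a leak concern.
WATCHED_ACTIONS = {
    "repo.transfer": "repository transferred",
    "repo.destroy": "repository deleted",
    "public_key.create": "deploy key added",
    "protected_branch.destroy": "branch protection rule removed",
    "org.disable_two_factor_requirement": "2FA requirement disabled for the organization",
}


def parse_export(text):
    """Parse a JSON-lines export, skipping blank or malformed lines rather than aborting the review."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            events.append(json.loads(raw))
        except json.JSONDecodeError:
            continue
    return events


def triage(events):
    """Return findings as (timestamp_ms, severity, actor, repo, reason), oldest first."""
    findings = []
    for e in events:
        action = e.get("action", "")
        ts, actor, repo = e.get("@timestamp", 0), e.get("actor", "?"), e.get("repo", "-")
        if action == "repo.access" and e.get("visibility") == "public":
            findings.append((ts, "critical", actor, repo, "repository made public"))
        elif action in WATCHED_ACTIONS:
            findings.append((ts, "high", actor, repo, WATCHED_ACTIONS[action]))
    return sorted(findings)


def bursty_actors(findings, window_ms=10 * 60 * 1000, threshold=3):
    """Actors with at least `threshold` findings inside `window_ms`. One such event may be
    routine administration; several in ten minutes warrants an immediate conversation."""
    times = defaultdict(list)
    for ts, _, actor, _, _ in findings:
        times[actor].append(ts)
    flagged = []
    for actor, ts_list in times.items():
        ts_list.sort()
        for i in range(len(ts_list) - threshold + 1):
            if ts_list[i + threshold - 1] - ts_list[i] <= window_ms:
                flagged.append(actor)
                break
    return sorted(flagged)


# Constructed export: six valid events plus one truncated line (assumed field layout).
SAMPLE_EXPORT = "\n".join([
    json.dumps({"@timestamp": 1700000000000, "action": "repo.access", "actor": "mallory",
                "repo": "acme/billing", "visibility": "public"}),
    json.dumps({"@timestamp": 1700000120000, "action": "repo.access", "actor": "alice",
                "repo": "acme/docs", "visibility": "private"}),
    json.dumps({"@timestamp": 1700000180000, "action": "public_key.create", "actor": "mallory",
                "repo": "acme/billing"}),
    json.dumps({"@timestamp": 1700000300000, "action": "repo.transfer", "actor": "mallory",
                "repo": "acme/billing"}),
    json.dumps({"@timestamp": 1700000400000, "action": "repo.create", "actor": "bob",
                "repo": "acme/new-service"}),
    '{"@timestamp": 1700000500000, "action": "repo.destroy", "actor": "bob"',  # truncated, skipped
    json.dumps({"@timestamp": 1700086400000, "action": "protected_branch.destroy", "actor": "alice",
                "repo": "acme/api"}),
])

if __name__ == "__main__":
    findings = triage(parse_export(SAMPLE_EXPORT))
    for ts, severity, actor, repo, reason in findings:
        print(f"{ts} {severity:8} {actor:10} {repo:15} {reason}")
    print("actors to call now:", bursty_actors(findings))
```

In the sample, `mallory` makes a repository public, adds a deploy key to it and transfers it away within five minutes, so the actor is flagged, while `alice` changing a repository to private and later removing one branch protection rule produces a single finding for follow-up. Run the same triage on a scheduled basis against the export or the GraphQL API rather than only after an incident is suspected.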
Set up branch protection rules
To ensure that all code is properly reviewed prior to being merged into the default branch, you can enable branch protection. By setting branch protection rules, you can enforce certain workflows or requirements before a contributor can push changes. For more information, see About protected branches.
You can create rulesets as an alternative to branch protection rules. Rulesets have several advantages over branch protection rules: they have statuses, they are easier to discover, and they do not require admin access to view. Multiple rulesets can also apply at the same time. For more information, see About rulesets.
Mitigate data leaks
If a user pushes sensitive data, ask them to remove it by using the git filter-repo tool. For more information, see 从存储库中删除敏感数据. Also, if the sensitive data has not been pushed yet, you can just undo those changes locally; for more information, see the GitHub Blog (but note that git revert is not a valid way to undo the addition of sensitive data as it leaves the original sensitive commit in Git history).
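The warning about `git revert` is easy to take on faith and worth seeing. The following is an added example (not from this page or from GitHub) that builds a throwaway repository, commits a secret, and counts how many times the secret appears in the patches of every reachable commit after a revert and after discarding the unpushed commits. It needs the `git` CLI on PATH; the repository, file name and key value are constructed for the demo, and the key is the example access key from AWS's own documentation, not a live credential.

```python
"""Added example: git revert leaves a leaked secret in history; discarding the unpushed commit does not."""
import os
import subprocess
import tempfile

SECRET = "AKIAIOSFODNN7EXAMPLE"  # constructed demo value
# Inline identity so the demo also works on a machine with no git config
GIT_IDENTITY = ["-c", "user.name=demo", "-c", "user.email=demo@example.invalid"]


def git(repo, *args):
    """Run a git command inside `repo` and return its stdout."""
    return subprocess.run(["git", *GIT_IDENTITY, *args], cwd=repo, check=True,
                          capture_output=True, text=True).stdout


def secret_occurrences(repo):
    """How many times the secret appears in the patches of every commit reachable from any ref.
    This is what a history-wide scanner, or anyone who clones the repository, would see."""
    return git(repo, "log", "--all", "-p").count(SECRET)


def commit_file(repo, name, content, message):
    with open(os.path.join(repo, name), "w") as fh:
        fh.write(content)
    git(repo, "add", name)
    git(repo, "commit", "-q", "-m", message)


def demo():
    """Return (after_leak, after_revert, after_reset) occurrence counts."""
    with tempfile.TemporaryDirectory() as repo:
        git(repo, "init", "-q")
        commit_file(repo, "README.md", "demo\n", "initial")
        commit_file(repo, ".env", f"AWS_ACCESS_KEY_ID={SECRET}\n", "add config")
        after_leak = secret_occurrences(repo)  # the '+' line of the leaking commit

        # Wrong fix: the revert only adds a commit that deletes the file. The leaking
        # commit and its '+' line stay reachable, and the revert's own '-' line
        # repeats the secret, so the count goes up rather than down.
        git(repo, "revert", "--no-edit", "HEAD")
        after_revert = secret_occurrences(repo)

        # Right fix for an unpushed branch: drop both commits so they are no longer
        # reachable from any ref. Locally the objects linger in the reflog until it
        # expires, but nothing has left the machine.
        git(repo, "reset", "-q", "--hard", "HEAD~2")
        after_reset = secret_occurrences(repo)

        # If the commits were already pushed, rewriting history is the only option, e.g.
        #   git filter-repo --invert-paths --path .env
        # followed by a force-push, and the credential must be rotated regardless.
        return after_leak, after_revert, after_reset


if __name__ == "__main__":
    print("occurrences after leak / revert / reset:", demo())
```

Whatever the cleanup method, treat a pushed secret as compromised and rotate it first; forks, clones and GitHub's own caches may still hold the old commit after the history rewrite.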
If you're unable to coordinate directly with the repository owner to remove data that you're confident you own, you can fill out a DMCA takedown notice form and contact GitHub Support. Make sure to include the problematic commit hashes. For more information, see DMCA takedown notice.
Note
If one of your repositories has been taken down due to a false claim, you should fill out a DMCA counter notice form and alert GitHub Support. For more information, see DMCA counter notice.