Disable GitHub code spaces for all non-public repos
Categories: mozilla.org :: Github: Administration, task
Tracking: Not tracked
People: Reporter: hwine, Assigned: cknowles
Details
tl;dr: Disable the ability for code spaces to be used for private and internal repositories for all managed GitHub organizations.
Recently (2023-07?) GitHub gave enterprise admins the ability to restrict use of Code Spaces to only public repos. We should implement the restriction across all Mozilla organizations until an RRA has been performed (which won't happen until someone requests such an RRA).
Note: this is not a denial of future enablement of Code Space usage for private and internal repositories. Rather, we need someone who has a use case for them to request an RRA to determine the proper guidelines.
Note: If an RRA shows code spaces are suitable for use with non-public Mozilla repos, then we also need to decide "who pays". Security's interest may be in the log files generated -- will those need to be routed to a SIEM system? I.e. a possible answer will be "can be used, but only if Mozilla pays".
Comment 1•2 years ago
As discussed in meetings, only the pocket org is using codespaces with private/internal repos that we can detect. Wrote an email to the individual involved with details and asking for more information.
In the meantime, have gone through the rest of the orgs we directly control and set private/internal codespaces to disable.
Will leave this open until we have answers about pocket.
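The detection step described in this comment (finding which organizations have codespaces attached to private or internal repositories) can be scripted against the GitHub REST API. The following is an added example, not code from this bug, from Mozilla, or from GitHub: it calls the `GET /orgs/{org}/codespaces` endpoint (which requires organization admin rights) and classifies each codespace by the visibility of its repository. The organization names, codespace names and repositories in `SAMPLE_CODESPACES` are constructed for illustration.

```python
"""Flag GitHub Codespaces attached to non-public repositories across several orgs.

Added example; the org and codespace data below is constructed, not real.
"""
import json
import urllib.request

API = "https://api.github.com"
PER_PAGE = 100


def fetch_org_codespaces(org: str, token: str) -> list:
    """Return all codespace objects for one org via GET /orgs/{org}/codespaces.

    The endpoint is paginated; it returns {"total_count": N, "codespaces": [...]}.
    Requires a token with org-admin rights (not exercised offline).
    """
    results = []
    page = 1
    while True:
        req = urllib.request.Request(
            f"{API}/orgs/{org}/codespaces?per_page={PER_PAGE}&page={page}",
            headers={
                "Authorization": f"Bearer {token}",
                "Accept": "application/vnd.github+json",
            },
        )
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp).get("codespaces", [])
        results.extend(batch)
        if len(batch) < PER_PAGE:
            return results
        page += 1


def repo_visibility(repo: dict) -> str:
    """Normalise a repository object to "public", "private" or "internal".

    Newer API responses carry an explicit "visibility" field; older ones only
    carry the boolean "private", which cannot distinguish internal from private.
    """
    vis = repo.get("visibility")
    if vis:
        return vis
    return "private" if repo.get("private") else "public"


def nonpublic_codespaces(codespaces_by_org: dict) -> list:
    """Return one finding per codespace whose repository is not public."""
    findings = []
    for org, codespaces in codespaces_by_org.items():
        for cs in codespaces:
            repo = cs.get("repository") or {}
            vis = repo_visibility(repo)
            if vis == "public":
                continue
            findings.append({
                "org": org,
                "codespace": cs.get("name"),
                "repo": repo.get("full_name"),
                "visibility": vis,
                "owner": (cs.get("owner") or {}).get("login"),
            })
    return findings


def orgs_needing_review(codespaces_by_org: dict) -> list:
    """Sorted list of orgs that have at least one non-public codespace."""
    return sorted({f["org"] for f in nonpublic_codespaces(codespaces_by_org)})


# Constructed sample data in the shape of the API response, keyed by org name.
SAMPLE_CODESPACES = {
    "example-org-a": [
        {"name": "cs-1", "owner": {"login": "alice"},
         "repository": {"full_name": "example-org-a/site",
                        "private": False, "visibility": "public"}},
    ],
    "example-org-b": [
        {"name": "cs-2", "owner": {"login": "bob"},
         "repository": {"full_name": "example-org-b/backend",
                        "private": True, "visibility": "private"}},
        {"name": "cs-3", "owner": {"login": "carol"},
         "repository": {"full_name": "example-org-b/tools",
                        "private": True, "visibility": "internal"}},
        # Older-style object without "visibility": falls back to "private" flag.
        {"name": "cs-4", "owner": {"login": "dave"},
         "repository": {"full_name": "example-org-b/docs", "private": False}},
    ],
}


if __name__ == "__main__":
    # For a live run: {org: fetch_org_codespaces(org, token) for org in orgs}
    for finding in nonpublic_codespaces(SAMPLE_CODESPACES):
        print(finding)
    print("orgs needing review:", orgs_needing_review(SAMPLE_CODESPACES))
```

On the constructed sample this reports two findings, both in `example-org-b` (one private, one internal repository), which is the kind of per-org list an admin would use to decide where to contact users before flipping the enterprise setting to public-only. The offline classification is separated from the network fetch so the same logic can be run over an exported JSON snapshot.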
Comment 2•2 years ago
And as suspected it was a test, without immediate need - so I've adjusted pocket to match the rest of the enterprise.
I think that actually closes this out - so let me know if there are any questions/concerns.