Require 2FA in all GitHub and GitLab repos #256

Open
sampierson opened this issue Apr 3, 2019 · 0 comments

@sampierson
Member

As a DCP stakeholder, I want all developer accounts to be secured with 2FA, so that a compromised password alone won't allow malicious actors to inject malware into the DCP codebase.

It would be nice if we could just turn on the "everybody in this organization must have 2FA set up" GitHub feature, but we cannot, as there are many members of the organization peripherally attached to the HCA (Jamboree attendees) that don't have 2FA set up, and that we cannot contact and don't want to alienate by kicking them out of the org.

So an alternate strategy was devised to secure all the DCP component repos:

A transitional group has been created: "HCA" that contains all HCA members and has write access to all repos.

Each component team must now:

  • create or add their developers to a different group
  • give that group write-access to their repo(s)
  • remove write access from the "HCA" team

I'm going to create a ticket in all DCP component repos for this. My apologies if you have already completed this work. Just close the ticket for your team if you have.
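
A component team can check that its repos have finished the three steps above with an audit like the following. This is an added example, not part of the original issue or any DCP code. It assumes the "HCA" team has the slug `hca`, that teams granted write access should contain only 2FA-enabled members, and it runs on constructed data shaped like GitHub REST API responses.

```python
# Added example (not project code). Inputs mirror GitHub REST API responses:
#   GET /repos/{owner}/{repo}/teams              -> [{"slug", "permission"}]
#   GET /orgs/{org}/teams/{team_slug}/members    -> [{"login"}]
#   GET /orgs/{org}/members?filter=2fa_disabled  -> [{"login"}]
WRITE_LEVELS = {"push", "maintain", "admin"}  # permissions that allow pushing code
TRANSITIONAL_SLUG = "hca"  # assumed slug of the "HCA" team named in the issue


def audit_repo(repo_teams, team_members, no_2fa_logins):
    """Return findings for one repo; an empty list means the migration is done."""
    findings = []
    for team in repo_teams:
        perm, slug = team["permission"], team["slug"]
        if perm not in WRITE_LEVELS:
            continue  # read-only or triage access cannot change the codebase
        if slug == TRANSITIONAL_SLUG:
            findings.append(f"team '{slug}' still has {perm} access")
            continue
        for member in team_members.get(slug, []):
            if member["login"] in no_2fa_logins:
                findings.append(
                    f"'{member['login']}' in team '{slug}' has {perm} access without 2FA")
    return findings


def audit_all(repos, team_members, no_2fa_members):
    """Audit every repo; return {repo_name: [findings]} for non-compliant repos."""
    no_2fa_logins = {m["login"] for m in no_2fa_members}
    report = {name: audit_repo(teams, team_members, no_2fa_logins)
              for name, teams in repos.items()}
    return {name: found for name, found in report.items() if found}


# Constructed sample data: repo, team and login names are made up.
SAMPLE_REPOS = {
    "example-component-a": [{"slug": "hca", "permission": "push"},
                            {"slug": "component-a-devs", "permission": "push"}],
    "example-component-b": [{"slug": "hca", "permission": "pull"},
                            {"slug": "component-b-devs", "permission": "admin"}],
}
SAMPLE_TEAM_MEMBERS = {"component-a-devs": [{"login": "alice"}, {"login": "bob"}],
                       "component-b-devs": [{"login": "carol"}]}
SAMPLE_NO_2FA = [{"login": "bob"}]

if __name__ == "__main__":
    for repo, found in audit_all(SAMPLE_REPOS, SAMPLE_TEAM_MEMBERS, SAMPLE_NO_2FA).items():
        for finding in found:
            print(f"{repo}: {finding}")
```

The `2fa_disabled` member filter is only available to organization owners. The audit covers team grants only, so collaborators added directly to a repo need a separate check.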
