Profile Applicability:
Level 1
Description:
The ability to delete repositories must be restricted to a defined group of authorized users or teams. This control helps prevent accidental or malicious deletion of repositories, preserving code integrity, historical data, and project continuity.
Rationale:
Limiting repository deletion reduces the risk of data loss and supports accountability. It ensures that repository removal is performed only by trusted personnel following appropriate approval processes, maintaining organizational security and compliance.
Impact:
Pros:
Protects critical code and project history.
Prevents accidental or unauthorized deletions.
Supports audit and compliance requirements.
Cons:
May require an approval process, potentially delaying necessary deletions.
Needs management of user permissions and regular review.
Default value:
By default, many platforms allow broad repository deletion permissions, sometimes including all admins or organization owners.
Audit:
Review platform permission settings to confirm repository deletion is limited to authorized users. Monitor audit logs for repository deletion events and verify compliance.
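One way to automate the audit-log part of this check, as an added example that is not part of the original benchmark text. It assumes the audit log is exported as JSON Lines with "action", "actor", "repo" and "@timestamp" fields, as in a GitHub audit log export where repository deletion is recorded as "repo.destroy". The allowlist and the sample events are constructed for illustration.

```python
import json

# Assumption: GitHub-style audit log export, one JSON object per line;
# repository deletion is recorded with the action "repo.destroy".
DELETE_ACTIONS = {"repo.destroy"}

# Hypothetical allowlist of accounts approved to delete repositories.
AUTHORIZED_DELETERS = {"alice-admin", "release-bot"}

# Constructed sample export (not real log data).
SAMPLE_LOG = """\
{"@timestamp": 1717400000000, "action": "repo.create", "actor": "bob", "repo": "acme/demo"}
{"@timestamp": 1717403600000, "action": "repo.destroy", "actor": "alice-admin", "repo": "acme/old-poc"}
{"@timestamp": 1717407200000, "action": "repo.destroy", "actor": "bob", "repo": "acme/payments"}
not-json garbage line
{"@timestamp": 1717410800000, "action": "repo.destroy", "repo": "acme/infra"}
"""

def review_deletions(log_text, authorized):
    """Return (findings, unparsed): deletions by unapproved or unattributed
    actors, plus the line numbers that could not be parsed."""
    findings, unparsed = [], []
    allowed = {name.lower() for name in authorized}  # logins compared case-insensitively
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            unparsed.append(lineno)  # report gaps instead of silently skipping them
            continue
        if not isinstance(event, dict) or event.get("action") not in DELETE_ACTIONS:
            continue
        actor = event.get("actor")
        known = isinstance(actor, str) and actor != ""
        # A deletion with no recorded actor cannot be attributed, so it is flagged too.
        if not known or actor.lower() not in allowed:
            findings.append({
                "line": lineno,
                "repo": event.get("repo"),
                "actor": actor if known else "<missing>",
                "timestamp_ms": event.get("@timestamp"),
            })
    return findings, unparsed

if __name__ == "__main__":
    findings, unparsed = review_deletions(SAMPLE_LOG, AUTHORIZED_DELETERS)
    for f in findings:
        print(f"UNAUTHORIZED DELETE line {f['line']}: {f['repo']} by {f['actor']}")
    print(f"unparsed lines: {unparsed}")
```

Unparsed lines are returned rather than dropped so that a truncated or corrupted export is not mistaken for a clean audit result.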
Remediation:
Configure repository platform permissions to restrict deletion rights. Establish formal procedures for repository deletion requests and approvals. Train users on repository management policies.
References:
GitHub Repository Deletion Permissions: https://docs.github.com/en/github/administering-a-repository/deleting-a-repository
GitLab Repository Deletion: https://docs.gitlab.com/ee/user/project/settings/#removing-a-project
CIS Controls v8, Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs: https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/