CIS GitHub Benchmark v1.0.0

Ensure Embed Provenance Metadata in Build Artifacts
Profile Applicability: Level 1
Description: All build artifacts—such as binaries, libraries, packages, or container images—must include metadata detailing ...
Thu, 29 May, 2025 at 1:45 AM
Ensure Implement Security Controls for Repository Webhooks
Profile Applicability: Level 1
Description: Repository webhooks must be configured and secured to prevent unauthorized or malicious payloads from triggerin...
Thu, 29 May, 2025 at 1:46 AM
Ensure Audit All Modifications to Package Registry Configuration
Profile Applicability: Level 1
Description: All changes made to the configuration settings of package registries (e.g., npm, Maven, PyPI) must be logged an...
Thu, 29 May, 2025 at 1:48 AM
Ensure Validate Signatures of All Artifact Versions Before Use
Profile Applicability: Level 1
Description: Every version of a software artifact—such as binaries, libraries, packages, or container images—must have its d...
Thu, 29 May, 2025 at 1:48 AM
Ensure Validate Signatures of All Artifacts Before Package Registry Upload
Profile Applicability: Level 1
Description: All artifacts uploaded to a package registry (such as npm, Maven, PyPI, or container registries) must have thei...
Thu, 29 May, 2025 at 1:49 AM
Ensure Limit and Manage Administrator Accounts for Package Registry
Profile Applicability: Level 1
Description: The number of administrator accounts for the package registry must be limited to the minimum necessary to perfo...
Thu, 29 May, 2025 at 1:50 AM
Disable Anonymous Access to Package Artifacts
Profile Applicability: Level 1
Description: Anonymous or unauthenticated access to package artifacts in repositories or registries must be disabled. All ac...
Wed, 21 May, 2025 at 5:28 AM
Ensure Enforce Centralized User Management for Package Registry Access
Profile Applicability: Level 1
Description: User accounts and authentication for the package registry must be managed through centralized identity provider...
Thu, 29 May, 2025 at 1:52 AM
Ensure Enforce Multi-Factor Authentication for Package Registry Access
Profile Applicability: Level 2
Description: All users accessing the package registry must authenticate using Multi-Factor Authentication (MFA). MFA require...
Thu, 29 May, 2025 at 1:52 AM
Ensure Restrict Upload Permissions to Minimum Necessary Users
Profile Applicability: Level 1
Description: Only a minimal number of authorized users should have permission to upload new artifacts to the package registr...
Thu, 29 May, 2025 at 1:53 AM