Security Policy violation Outside Collaborators

[allstar-app]

Security Policy Outside Collaborators is out of compliance, status:
Found 1 outside collaborators with admin access.

Issue created by Allstar. https://github.com/ossf/allstar

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[slonka]

What can we do about it? Why isn't this issue actionable? @snowp can you help? (pinging you because the PR was merged by you)

[allstar-app]

Updating issue after ping interval, status:
Found 1 outside collaborators with admin access.

[snowp]

@jeffmendoza Can you advise here? The description isn't super clear

It might also be good to increase the ping interval, this is a bit spammy as is

[jeffmendoza]

The idea here is that outside collaborators (non-org members) shouldn't be administrators on repos. Either they should be part of the org, or only have push access. Administrators can change security related settings like branch protection.

[snowp]

@alyssawilk @mattklein123 Can either of you check up on this? I don't think I have the visibility into the repo settings.

Maybe there is some bot with admin access?

[mattklein123]

I think I fixed it. If there are any follow on permissions issues please let me know.

[allstar-app]

In compliance, closing.

[allstar-app]

Reopening issue. Status:
Did not find any owners of this repository
This policy requires all repositories to have an organization member or team assigned as an administrator. Either there are no administrators, or all administrators are outside collaborators. A responsible party is required by organization policy to respond to security events and organization requests.

To add an administrator From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories)

Alternately, if this repository does not have any maintainers, archive or delete it.

[allstar-app]

Updating issue after ping interval. Status:
Did not find any owners of this repository
This policy requires all repositories to have an organization member or team assigned as an administrator. Either there are no administrators, or all administrators are outside collaborators. A responsible party is required by organization policy to respond to security events and organization requests.

To add an administrator From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories)

Alternately, if this repository does not have any maintainers, archive or delete it.

[jeffmendoza]

@mattklein123 This is a new policy, can you check that it is working correctly? Are there any users or groups assigned to this repo with "admin" permissions? Thanks!

[allstar-app]

Updating issue after ping interval. Status:
Did not find any owners of this repository
This policy requires all repositories to have an organization member or team assigned as an administrator. Either there are no administrators, or all administrators are outside collaborators. A responsible party is required by organization policy to respond to security events and organization requests.

To add an administrator From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories)

Alternately, if this repository does not have any maintainers, archive or delete it.

[allstar-app]

Updating issue after ping interval. Status:
Did not find any owners of this repository
This policy requires all repositories to have an organization member or team assigned as an administrator. Either there are no administrators, or all administrators are outside collaborators. A responsible party is required by organization policy to respond to security events and organization requests.

To add an administrator From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories)

Alternately, if this repository does not have any maintainers, archive or delete it.

[mattklein123]

I made a change which will hopefully fix this.

[allstar-app]

Reopening issue. Status:
Did not find any owners of this repository
This policy requires all repositories to have an organization member or team assigned as an administrator. Either there are no administrators, or all administrators are outside collaborators. A responsible party is required by organization policy to respond to security events and organization requests.

To add an administrator From the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories)

Alternately, if this repository does not have any maintainers, archive or delete it.

[allstar-app]

Policy is now in compliance. Closing issue.