CSA case study
Customer scenario
Our security team is asking for help ensuring proper reviews are being done to code being added into our repositories. We have hundreds of repositories in our organization.
- What is the best way we can achieve this at scale?
- We are new to some of the out-of-the-box settings and the GitHub API.
Can you please help us create a solution that will accomplish this for our security team?
The Challenge
The technical solution to accomplish this is to listen for organization events to know when a repository has been created. When the repository is created, please automate the protection of the default (main) branch.
Notify yourself with an @mention in an issue within the repository that outlines the protections that were added.
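One way to structure the handler described above, as an added example that is not part of the original case study: it verifies the webhook's `X-Hub-Signature-256` header, reacts only to `repository` events with action `created`, and builds the branch protection and issue requests for an authenticated client to send. The names `Call`, `Sign` and `Plan`, the policy (one approving review, enforced for admins), the secret, the `octocat` mention and the sample payload are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Call is one REST request for an authenticated client to send (hypothetical type).
type Call struct{ Method, Path, Body string }

// Sign returns the X-Hub-Signature-256 value for a raw delivery body.
func Sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// Plan verifies a delivery and, for repository/created, returns the calls to make.
func Plan(secret []byte, sig, event string, body []byte, mention string) ([]Call, error) {
	if !hmac.Equal([]byte(sig), []byte(Sign(secret, body))) { // constant-time compare
		return nil, fmt.Errorf("webhook signature mismatch")
	}
	var p struct {
		Action     string
		Repository struct {
			FullName      string `json:"full_name"`
			DefaultBranch string `json:"default_branch"`
		}
	}
	if err := json.Unmarshal(body, &p); err != nil || event != "repository" || p.Action != "created" {
		return nil, err // nil, nil for events this handler ignores
	}
	// Assumed policy: one approving review, enforced for admins too.
	prot := `{"required_status_checks":null,"enforce_admins":true,` +
		`"required_pull_request_reviews":{"required_approving_review_count":1},"restrictions":null}`
	text := fmt.Sprintf("@%s protected `%s`: 1 approving review required, enforced for admins.", mention, p.Repository.DefaultBranch)
	issue, _ := json.Marshal(map[string]string{"title": "Default branch protection applied", "body": text})
	return []Call{
		{"PUT", "/repos/" + p.Repository.FullName + "/branches/" + p.Repository.DefaultBranch + "/protection", prot},
		{"POST", "/repos/" + p.Repository.FullName + "/issues", string(issue)},
	}, nil
}

func main() {
	key, body := []byte("constructed-secret"), []byte(`{"action":"created","repository":{"full_name":"example-org/demo","default_branch":"main"}}`)
	fmt.Println(Plan(key, Sign(key, body), "repository", body, "octocat")) // constructed sample delivery
}
```

If the repository was created empty, the default branch does not exist until the first commit, so the protection call has to wait for it or be retried.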
Assumptions
Proposed Solution
Reference Links
Docs: https://docs.github.com/en
API: https://docs.github.com/en/developers/overview/about-githubs-apis
Webhooks: https://docs.github.com/en/developers/webhooks-and-events/webhooks/about-webhooks#events
REST API: https://docs.github.com/en/rest
githubevents: https://github.com/cbrgm/githubevents
Creating webhooks: https://docs.github.com/en/developers/webhooks-and-events/webhooks/creating-webhooks