GitHub repository visibility changed to public

ID: github_repository_made_public
Data type: GitHub
Severity: Low

Description

AlphaSOC detected that a GitHub repository's visibility was changed from private to public. This change exposes repository content, Actions history, and workflow logs to anyone on the internet. Additionally, private forks become detached and convert into independent public repositories.

Impact

Changing a private repository to public exposes sensitive information to anyone on the internet. Exposed data can include source code and internal implementation details. Actions workflow histories and logs become publicly visible, potentially revealing authentication tokens, credentials, and internal repository references. The change also affects private forks by detaching them into standalone repositories.

Severity

| Severity | Condition |
| --- | --- |
| Low | GitHub repository visibility changed to public |

Investigation and Remediation

Review the repository visibility change in the GitHub audit logs to determine who made the change and when. If the change was unintended, revert the repository to private immediately. Conduct a thorough review of repository contents, git history, and Actions logs for any exposed sensitive data or credentials. Rotate any potentially compromised tokens and review repository security settings.
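
The audit log review described above can be scripted against an exported audit log. The following is an added example, not AlphaSOC's detection logic: it assumes a JSON Lines export in which visibility changes appear as `repo.access` events carrying `actor`, `repo`, `visibility`, `previous_visibility` and `@timestamp` (epoch milliseconds); the sample events and the function name `exposure_windows` are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample export (JSON Lines), not real audit data. Assumed fields:
# action, actor, repo, visibility, previous_visibility, @timestamp (epoch ms).
SAMPLE_EVENTS = """\
{"@timestamp": 1700000000000, "action": "repo.access", "actor": "alice", "repo": "example-org/billing", "visibility": "public", "previous_visibility": "private"}
{"@timestamp": 1700000600000, "action": "repo.create", "actor": "bob", "repo": "example-org/scratch", "visibility": "private"}
{"@timestamp": 1700003600000, "action": "repo.access", "actor": "carol", "repo": "example-org/billing", "visibility": "private", "previous_visibility": "public"}
{"@timestamp": 1700007200000, "action": "repo.access", "actor": "dave", "repo": "example-org/infra", "visibility": "public", "previous_visibility": "private"}
{"@timestamp": 17000072, "action": "repo.acc
"""

def iso(ms):
    """Convert epoch milliseconds to an ISO 8601 UTC timestamp."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def exposure_windows(jsonl):
    """Return one record per private-to-public change: who, when, and revert status."""
    events = []
    for line in jsonl.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines in the export
        if (isinstance(ev, dict) and ev.get("action") == "repo.access"
                and isinstance(ev.get("@timestamp"), (int, float))):
            events.append(ev)
    events.sort(key=lambda e: e["@timestamp"])  # exports are not always ordered

    windows, still_open = [], {}
    for ev in events:
        repo, now = ev.get("repo"), ev["@timestamp"]
        if ev.get("visibility") == "public" and ev.get("previous_visibility") == "private":
            rec = {"repo": repo, "changed_by": ev.get("actor"), "made_public_at": iso(now),
                   "reverted_at": None, "reverted_by": None, "exposed_seconds": None,
                   "_start": now}
            windows.append(rec)
            still_open[repo] = rec
        elif ev.get("visibility") != "public" and repo in still_open:
            rec = still_open.pop(repo)  # visibility moved away from public
            rec.update(reverted_at=iso(now), reverted_by=ev.get("actor"),
                       exposed_seconds=(now - rec["_start"]) // 1000)
    for rec in windows:
        del rec["_start"]
    return windows

if __name__ == "__main__":
    for w in exposure_windows(SAMPLE_EVENTS):
        print(w)
```

A record with `reverted_at` set to `None` is a repository that is still public; the exposure window of a reverted repository bounds the period in which contents, git history and Actions logs need to be reviewed for leaked credentials.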