GitHub repository ruleset modified

ID: github_repository_ruleset_modified
Data type: GitHub
Severity: Informational
MITRE ATT&CK: TA0004:T1098

Description

AlphaSOC detected changes to a GitHub repository ruleset. Rulesets define security policies and access controls for repositories. Modifications to rulesets may alter branch protection rules, bypass permissions, and security enforcement settings.

Impact

Changes to repository rulesets can weaken security controls, allowing unauthorized code changes, bypassing of required reviews, and modification of critical branches. This creates opportunities for code tampering, malicious commits, and compromise of the software development lifecycle.

Severity

Severity       Condition
Informational  GitHub repository ruleset modified

Investigation and Remediation

Review GitHub audit logs to identify the user who modified the ruleset and the specific changes made. Compare the current ruleset configuration against approved security baselines. If unauthorized changes occurred, revert the modifications, investigate the user's access, and implement stricter controls on ruleset management. Enable branch protection rules and require multi-party reviews for ruleset changes.
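
The baseline comparison described above, sketched as an added example (not AlphaSOC's or GitHub's code). It assumes the approved and current rulesets have already been exported as JSON in the shape of GitHub's REST API ruleset object; the names BASELINE, CURRENT and ruleset_drift and both sample documents are constructed for illustration.

```python
# Constructed sample data shaped like the ruleset object in GitHub's REST
# API (enforcement, bypass_actors, rules[].type, rules[].parameters).
BASELINE = {
    "enforcement": "active",
    "bypass_actors": [],
    "rules": [
        {"type": "deletion"},
        {"type": "non_fast_forward"},
        {"type": "pull_request", "parameters": {"required_approving_review_count": 2}},
    ],
}
CURRENT = {
    "enforcement": "evaluate",
    "bypass_actors": [
        {"actor_id": 5, "actor_type": "RepositoryRole", "bypass_mode": "always"},
    ],
    "rules": [
        {"type": "deletion"},
        {"type": "pull_request", "parameters": {"required_approving_review_count": 0}},
    ],
}

def _actor_key(actor):
    return (actor.get("actor_type"), actor.get("actor_id"))

def ruleset_drift(baseline, current):
    """Return findings where `current` is weaker than `baseline`."""
    findings = []
    enforcement = current.get("enforcement")
    if baseline["enforcement"] == "active" and enforcement != "active":
        findings.append(f"enforcement changed: active -> {enforcement}")
    approved = {_actor_key(a) for a in baseline.get("bypass_actors", [])}
    for actor in current.get("bypass_actors", []):
        if _actor_key(actor) not in approved:
            findings.append("unapproved bypass actor: %s/%s" % _actor_key(actor))
    now = {r["type"]: r.get("parameters") or {} for r in current.get("rules", [])}
    for rule in baseline.get("rules", []):
        if rule["type"] not in now:
            findings.append(f"rule removed: {rule['type']}")
            continue
        for name, want in (rule.get("parameters") or {}).items():
            have = now[rule["type"]].get(name)
            # Booleans must stay enabled; integer thresholds must not drop.
            if (want is True and have is not True) or (
                    type(want) is int and (have or 0) < want):
                findings.append(f"{rule['type']}.{name} weakened: {want} -> {have}")
    return findings

if __name__ == "__main__":
    print("\n".join(ruleset_drift(BASELINE, CURRENT)))
```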