2/8/2023 GitHub Administration Flashcards
(40 cards)
What are best practices for the team-level organization (3)
Nested teams to reflect your group or companys hierarchy (Can nest teams)
Create teams based on interest or specific technology to help streamline review process “Steel-thread”
Enable team sync between identity provider and Github
What permissions does an Admin or Team Maintainer have? (5 total)
*hint “Team lvl”
Create, Modify, Delete a team
Add or remove outside collaborators
Allow/disable team discussions
Change visibility of team within org
Manage automatic code review assignments for pull requests
What permissions does an Admin at the Organization level have? (6 total)
Invite users to join org
Organize users into a team and grant “Team Maintainer” permissions
Add/remove outside collaborators
Set up security within org
set up billing or assign billing manager
Apply org wide changes
Explain each level of github hierarchy and purpose (Team, Org, Enterprise)
Team - Creating teams in your organization
Organization - Shared spaces enabling users to collaborate across many projects at once
Enterprise - Allows owners to centrally manage policy for multiple organizations
How many action minutes and storage can be stored for GitHub (Free, Pro/Team, Enterprise)
Free: 2k minutes per month (private & public) w/ 500MB of storage
Team/Pro: 3k minutes per month w/ 2GB of storage
Enterprise: 50k minutes per month w/ 50GB of storage
What features do you get with Github Enterprise? (7 total)
Access Control for GH pages
Centralized Billing
99.9 SLA uptime
Security, compliance, and deployment controls
SSO
GH Connect
Option to purchase GHAS
What are the runner costs for Windows, Linux, and Mac OS’s?
- Linux is 1 for 1 (1min using a runner costs 1min on your acct)
- Windows is 2 for 1 (1min using a runner costs 2mins on your acct)
- macOS is 10 for 1
*By default you cant spend over your minutes unless you increase your spending limit then you will be charged for what you use
How do you calculate storage usage?
Storage Amount * # of days * hours per day / [total hours per month]
*Repeat this formula for various storage amounts throughout the month
What is the “SECURITY.md” file used for?
For contributors to report or address security issues/bugs located in the root repo
(Way to responsibly disclose concerns)
What are security Advisories?
Allow for repo maintainers to privately discuss and fix a security vulnerabilities within a project.
What is the purpose of the “.gitignore” file?
Preventive control to decrease the likelihood of committing sensitive information
“A file that tells Git to ignore paths and patterns when aggregating files for a commit”
NOTE:
*Only as strong as settings are written (files can slip through)
*Assume any data committed has been compromised
What is a CodeOwner and what is the purpose of a CodeOwner file?
Assigns teams or individuals as code owners.
Owners are pull-request reviewers
*Files can be created in root, docs, or .github folder
What are common community health files found at an organizational level? (6 total)
Code of Conduct (md file)
Contributing (md file)
Funding (yml file)
config (yml file)
Security (md file)
support (md file)
What is branch protection? (1)
What are rules put in place with branch protection? (4)
Enforce certain workflows for one or more branches
- Review Approvals
- Status checks
- Build complete
- Linter “typos and conformation”
What are key security settings available to administrators? (6 Total)
Access restrictions
Security Documentation
Advisories
Dependabot Alerts
Security Updates
Github Dependency Graph
What is the purpose of a pre-commit hook?
Automated check prior to committing that looks for sensitive information stored within code
What are two tools to scrub your repo if sensitive information has been committed to your repo?
BFG Repo-Cleaner
- East and efficient (set of default actions) however limited in its capabilities / less
ability to customize
git filter-repo
- syntax is complex and strong risk of creating unforeseen problems in a repos
integrity (especially in windows env)
*Once sensitive information is removed you must force push your changes to GitHub “git push –force”
*May need to contact GitHub support for further assistance.
What are two ways to log information? (Compliance, Internal Purposes)
GraphQL API
What information should be included in a security advisory (4)
Product and versions affected
Severity
Types of security weaknesses addressed by the project owner actions
Impact, status of patches, and workarounds
What two pieces of information are included in your orgs log?
User that performed the action
Data and time of the action
What SSO providers does GitHub currently support? (6)
ADFS
Azure AD
Okta
OneLogin
PingOne
Shibboleth
*You need to enforce this via org setting
*Github will remove any user of the org that has not authenticated successfully with SAML IdP
What kinds (types) of 2FA does GitHub support (3)
Security Keys
TOTP
SMS
*You can review for user compliance and revoke access who are not compliant
What does SCIM stand for?
What does SCIM do?
Systems Cross-domain Identity Management - add, manage, or remove org members access within GitHub
What are SCIM usage limitations when using Team Sync and what happens when you exceed this?
Unexpected performance and sync failures
Max for # of members in a GitHub Team: 5k
Max for # of members in a GitHub Organization: 10k
Max for # of teams in a GitHub Organization: 1500
