My organization has a private repo and we've brought on a few contractors and given them access to the code base.
These contractors have been forking the code base, and I wanted to evaluate the potential security implications of that.
Could any of these forkers make the code public if they choose to?
If their access is removed from the original project, will their access to the forked repo also be removed?
Could any of these forkers make the code public if they choose to?
Yes, they can push it to a new public Git repo (on GitHub or any other Git hosting service).
If their access is removed from the original project, will their access to the forked repo also be removed?
See "Removing a collaborator from a personal repository"
While forks of private repositories are deleted when a collaborator is removed, the person will still retain any local clones of your repository.
For better security, contractors usually operate on PCs inside the organization through VPN. Those PCs can then limit or prevent internet access.
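An added example, not part of the original answer: a sketch for listing which outside collaborators (contractors) hold forks of a private repository, so the forks can be reviewed before access is removed. The JSON is constructed sample data shaped like GitHub's REST responses for `GET /repos/{owner}/{repo}/forks` and `GET /repos/{owner}/{repo}/collaborators?affiliation=outside`; the repository names, logins and the 90-day threshold are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample data, trimmed to the fields used below.
FORKS_JSON = """[
  {"full_name": "contractor-a/webapp", "owner": {"login": "contractor-a"},
   "pushed_at": "2024-05-02T10:15:00Z"},
  {"full_name": "staff-dev/webapp", "owner": {"login": "staff-dev"},
   "pushed_at": "2024-04-20T08:00:00Z"},
  {"full_name": "contractor-b/webapp", "owner": {"login": "contractor-b"},
   "pushed_at": "2024-01-11T17:30:00Z"}
]"""
OUTSIDE_JSON = '[{"login": "contractor-a"}, {"login": "Contractor-B"}]'


def audit_forks(forks, outside_collaborators, now, stale_days=90):
    """Return one finding per fork owned by an outside collaborator."""
    # GitHub logins are case-insensitive, so compare in lower case.
    outside = {c["login"].lower() for c in outside_collaborators}
    findings = []
    for fork in forks:
        owner = fork["owner"]["login"]
        if owner.lower() not in outside:
            continue  # fork belongs to an organization member
        pushed = datetime.fromisoformat(fork["pushed_at"].replace("Z", "+00:00"))
        idle = (now - pushed).days
        findings.append({
            "fork": fork["full_name"],
            "owner": owner,
            "days_since_push": idle,
            # An idle fork suggests the engagement ended: offboarding candidate.
            "stale": idle > stale_days,
        })
    # Longest-idle forks first, so likely offboarding candidates lead the report.
    return sorted(findings, key=lambda f: f["days_since_push"], reverse=True)


def run_sample():
    now = datetime(2024, 5, 10, tzinfo=timezone.utc)  # fixed for repeatable output
    return audit_forks(json.loads(FORKS_JSON), json.loads(OUTSIDE_JSON), now)


if __name__ == "__main__":
    for f in run_sample():
        status = "STALE" if f["stale"] else "active"
        print(f["fork"], f["owner"], f["days_since_push"], status)
```

The report is an inventory of who has had a copy of the code; as the answer notes, removing access deletes the fork but not any local clones.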
Related
I still own and contributed to a few private repos in an organization account of my former job. Currently I don't have access to these repos, but keep getting notifications from them. Is there a way to disown or remove myself from these repos? Going to "Repositories" in Settings doesn't help, as these repos are not listed there.
I recently created a private git repository for a project with my friends but I don't want all of them to be collaborators. Can I give some of them the ability to only create pull requests and not merge them?
You could have used protected branches, but they are only available with private repositories for GitHub Pro, not GitHub Free.
One workaround is simply to create a second private repository for your friends: they can push to it, and make pull requests to your private repository from there.
I am the owner of a private GitHub repository. Somebody else (student1) forked it a while ago and has done some work on his fork. Now I need somebody else (student2) to pull those changes and work off of them. However, he cannot access student1's fork at all. Trying to git pull provides an error about not being able to find it. Student2 can also not see student1's fork on GitHub's website.
Everybody is added as a collaborator. I can access all forks (I am the original owner of this repository). I tried removing student2 and adding him back but it changed nothing. I tried inviting another friend (let's say student3) and he can fork but also cannot see other forks. In the past, I distinctly recall any users added as collaborators being able to pull from other forks so I am not sure why this isn't working.
All I see is "Find another repository to fork"
You can fork any private repository you can access to your user account or any organization on GitHub Team or GitHub Enterprise in which you have repository creation permissions.
Maybe this is possible through an organization, where you can change member privileges.
So, my question is:
How to access private repositories of Bitbucket/Github or any other online web-based version control repository hosting service.
Any feedback is most welcome.
Thanks
Steve Washer
I'll only speak for GitHub, as a daily GitHub user. The only way to access them is either by being a member of the repository or an outside collaborator of the repository. The owner of the repo can add you to it in the repository Settings.
Another way is to ask any of the members to provide you with the personal access token, which you could use to read the repository via the API. This is, however, unsafe.
Yet another way is asking the repository owner or any repo user to add your public SSH key to his account so you may have repo access (clone, commit) without the ability to view it on github.com.
Summary: you always need to talk to the owner or any of the current repository members. A private repo will never be accessible otherwise.
I made a repo just now and committed the first version. This repo should be made private. During the time when I was finishing payment and changing it from public to private, someone forked this repo.
I read the GitHub introduction; it says that if I change a public repo to a private one, the existing forks will be kept in a separate network, which means the fork will still exist.
So I want to know: can I request GitHub workers to delete this existing fork? I must keep this repo private; it has some confidential information. I think GitHub workers should help with this.
You can, but any local clone of that fork can then be pushed again to a new non-forked repository, created on GitHub or elsewhere.
So it really depends on when that fork was created: if it was after you started to put confidential information, said sensitive data are not safe (i.e., could be made public again) even if the fork were to be deleted.