More Info:

Allowing multiple users admin or push access to organization repositories places the organization at risk for contributions that can be pushed without review.

Risk Level

Low

Address

Security

Compliance Standards

Remediation

Using Console

Sure, here are the step-by-step instructions to remediate the excessive number of Repo admins issue in GitHub using the GitHub console:

  1. Log in to your GitHub account and navigate to the repository in question.
  2. Click on the “Settings” tab in the repository menu.
  3. Scroll down to the “Manage access” section and click on it.
  4. Identify the users who have been granted admin access to the repository.
  5. Click on the “Edit” button next to each user’s name.
  6. In the “Role” dropdown, select “Collaborator” instead of “Admin”.
  7. Click on the “Update” button to save the changes.
  8. Repeat steps 5-7 for each user who has been granted admin access to the repository.
  9. Once all the users have been downgraded to collaborator access, review the access list to ensure that only the necessary users have access to the repository.

That’s it! By following these steps, you should be able to remediate the excessive number of Repo admins issue in GitHub.

Using CLI

To remediate the excessive number of Repo admins in GITHUB, you can follow these steps using GITHUB CLI:

  1. List all the repository admins:
gh api /repos/{owner}/{repo}/collaborators --paginate | grep login
  1. Identify the admins that need to be removed and remove them:
gh api -X DELETE /repos/{owner}/{repo}/collaborators/{username}

Note: Replace {owner} and {repo} with the name of your repository and {username} with the username of the admin that needs to be removed.

  1. Verify that the admins have been removed:
gh api /repos/{owner}/{repo}/collaborators --paginate | grep login
  1. If necessary, add new admins:
gh api -X PUT /repos/{owner}/{repo}/collaborators/{username} --data '{"permission":"admin"}'

Note: Replace {owner} and {repo} with the name of your repository and {username} with the username of the new admin that needs to be added.

  1. Verify that the new admins have been added:
gh api /repos/{owner}/{repo}/collaborators --paginate | grep login

By following these steps, you can remediate the excessive number of Repo admins in GITHUB using GITHUB CLI.

Using Python

To remediate the excessive number of repository admins in GitHub using Python, you can follow these steps:

  1. Connect to the GitHub API using the PyGithub library.
from github import Github

# Create a Github instance using an access token
g = Github("<access_token>")
  1. Get the list of all the repositories in the organization.
# Get the organization object
org = g.get_organization("<org_name>")

# Get the list of repositories in the organization
repos = org.get_repos()
  1. Iterate through each repository and get the list of admins.
for repo in repos:
    # Get the list of admins for the repository
    admins = repo.get_collaborators("admin")
  1. Check if the number of admins is greater than the maximum allowed number.
    # Check if the number of admins is greater than the maximum allowed number
    max_admins = 5
    if len(admins) > max_admins:
  1. Remove the excess admins from the repository.
        # Remove the excess admins from the repository
        for admin in admins[max_admins:]:
            repo.remove_from_collaborators(admin)
  1. Repeat the above steps for all the repositories in the organization.
# Complete code
from github import Github

# Create a Github instance using an access token
g = Github("<access_token>")

# Get the organization object
org = g.get_organization("<org_name>")

# Get the list of repositories in the organization
repos = org.get_repos()

# Iterate through each repository and remove excess admins
max_admins = 5
for repo in repos:
    # Get the list of admins for the repository
    admins = repo.get_collaborators("admin")
    
    # Check if the number of admins is greater than the maximum allowed number
    if len(admins) > max_admins:
        # Remove the excess admins from the repository
        for admin in admins[max_admins:]:
            repo.remove_from_collaborators(admin)

Note: Replace <access_token> and <org_name> with your GitHub access token and organization name respectively. Also, adjust the value of max_admins as per your organization’s policy.

Additional Reading: