Explain what a 2FA null for GH means + remove useless data (#119)
Company is a self-set field so this is pretty useless for an incident.
Also the user ID is a GitHub internal number. Login is what you really
want and we already show that.

---------

Signed-off-by: Tim Smith <[email protected]>
Co-authored-by: Letha <[email protected]>
tas50 and misterpantz authored Dec 20, 2023
1 parent 47a9bd4 commit 7f5e155
Showing 1 changed file with 33 additions and 30 deletions.
63 changes: 33 additions & 30 deletions core/mondoo-github-incident-response.mql.yaml
Expand Up @@ -49,7 +49,7 @@ packs:
title: GitHub Organization MFA status
docs:
desc: |
This query retrieves whether MFA is required for users of the organization.
This query retrieves whether multi-factor authentication is required for users of the organization. A null value means the API token used to query the information doesn't have sufficient permissions in the organization. The API token must have owner permissions in the organization to access this data.
mql: |
github.organization.twoFactorRequirementEnabled
- uid: mondoo-incident-response-github-org-owners
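Review bot: The new `desc` text for the MFA status query explains what a null means but does not say that a null must not be read as `false`; during an incident that distinction is what matters, so I would add a sentence along the lines of "Treat a null as unknown, not as MFA not required." The requirement is also worded as a property of the token ("The API token must have owner permissions"); if what matters is the organization role of the account the token belongs to, say that instead.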
Expand All @@ -59,21 +59,25 @@ packs:
This query retrieves all GitHub organization owners.
mql: |
github.organization.owners.length
github.organization { owners { name email login } }
github.organization {
owners {
name
email
login
}
}
- uid: mondoo-incident-response-github-org-members
title: GitHub Organization Members
docs:
desc: |
This query retrieves all of the members of the GitHub organization.
mql: |
github.organization.members.length
github.organization {
members {
name
company
login
email
id
github.organization {
members {
name
login
email
}
}
- uid: mondoo-incident-response-github-org-teams
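Review bot: Dropping `id` from the members block leaves `login` as the only identifier, and a GitHub login can be renamed by its user while the numeric ID stays fixed. A member list captured during an incident may then fail to match the same account after a rename, so consider keeping `id` next to `login` and removing only `company`. Minor style point: the expanded owners block lists `name email login` while the members block lists `name login email`; using one order in both makes the two outputs easier to compare.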
Expand All @@ -82,16 +86,15 @@ packs:
desc: |
This query retrieves all GitHub organization teams.
mql: |
github.organization {
teams {
slug
privacy
defaultPermission
members {
login
email
company
name
github.organization {
teams {
slug
privacy
defaultPermission
members {
login
email
name
}
}
}
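Review bot: In the teams query the removed and added lines read the same except for `company`, so the one functional change sits inside what looks like a re-indent of the whole block; separating the whitespace change from the field removal would make it easier to confirm nothing else moved. The nested `members` fields here are ordered `login email name`, unlike the organization members query in this file (`name login email`); consider aligning them.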
Expand All @@ -102,11 +105,11 @@ packs:
This query retrieves all of the public repositories within the GitHub organization. The query returns the repo's name and whether the default branch is [protected](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches) using protection rules.
mql: |
github.organization.repositories.
where( private == false ) {
name
where( private == false ) {
name
branches.
where( isDefault ) {
protected
where( isDefault ) {
protected
}
}
- uid: mondoo-incident-response-github-packages
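Review bot: Every removed line in the public repositories query (`where( private == false ) {`, `name`, `where( isDefault ) {`, `protected`) comes back with the same text, so this appears to be an indentation-only change that neither the commit title nor the message mentions. The same holds for the packages query in the hunk that follows. Either note the reformatting in the commit message or move it to its own commit, so that history for these queries does not point at a change about MFA documentation and member fields.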
Expand All @@ -115,13 +118,13 @@ packs:
desc: |
This query retrieves the packages published to GHCR.io.
mql: |
github.organization {
packages {
name
visibility
packageType
owner {
name
github.organization {
packages {
name
visibility
packageType
owner {
name
}
}
}
