Ensure GitHub repository webhooks use HTTPs

Error: GitHub repository webhooks do not use HTTPs
Bridgecrew Policy ID: BC_REPO_GITHUB_3 or BC_REPO_GITHUB_TF_1
Checkov Check ID: CKV_GITHUB_7 or CKV_GIT_2
Severity: MEDIUM

GitHub repository webhooks do not use HTTPs

Description

Webhooks can be configured to use endpoints of your choosing, including whether TLS is enabled or not. Ensure you are using a webhook endpoint with encryption by using a standard HTTPS URL.

Fix - Buildtime

Terraform

  • Resource: github_repository_webhook
  • Attribute: insecure_ssl
resource "github_repository_webhook" "foo" {
...
  configuration {
-    url          = "http://google.com/"
+    url          = "https://google.com/"
-    insecure_ssl = false
+    insecure_ssl = false
  }

}