Ensure GitHub organization security settings require 2FA
Error: GitHub organization security settings do not include 2FA capability
Bridgecrew Policy ID: BC_ORG_GITHUB_1
Checkov Check ID: CKV_GITHUB_1
Severity: HIGH
Description
Organization owners can require organization members, outside collaborators, and billing managers to enable two-factor authentication for their personal accounts, making it harder for malicious actors to access an organization's repositories and settings.
Fix - Buildtime
GitHub
Enforce two-factor authentication:
- In the top right corner of GitHub.com, click your profile photo, then click Your organizations.
- Next to the organization, click Settings.
- In the "Security" section of the sidebar, click Authentication security.
- Under "Authentication", select Require two-factor authentication for everyone in your organization, then click Save.
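To confirm the setting after saving it, the organization document returned by the GitHub REST API (`GET /orgs/{org}`) carries a `two_factor_requirement_enabled` field. The script below is an added example, not Bridgecrew's or Checkov's own code. It treats a missing or null field as unknown rather than as a pass, since GitHub populates it only for organization owners. The environment variable names `GITHUB_ORG` and `GITHUB_TOKEN` and the sample organizations are assumptions made for this example.

```python
import json
import os
import urllib.request

def fetch_org(org, token):
    """GET /orgs/{org}. GitHub fills in the 2FA field only for organization owners."""
    req = urllib.request.Request(
        f"https://api.github.com/orgs/{org}",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        },
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def evaluate_2fa(org_doc):
    """Map an organization document to PASSED / FAILED / UNKNOWN."""
    value = org_doc.get("two_factor_requirement_enabled")
    if value is True:
        return "PASSED"
    if value is False:
        return "FAILED"
    # Missing or null: the token cannot see the setting. Report it rather than
    # letting an unreadable setting count as compliant.
    return "UNKNOWN"

def audit(org_docs):
    """Return {login: result} for a list of organization documents."""
    return {doc.get("login", "<no login>"): evaluate_2fa(doc) for doc in org_docs}

# Constructed sample responses (not real organizations), trimmed to the fields used.
SAMPLES = [
    json.loads('{"login": "example-enforced", "two_factor_requirement_enabled": true}'),
    json.loads('{"login": "example-open", "two_factor_requirement_enabled": false}'),
    json.loads('{"login": "example-null", "two_factor_requirement_enabled": null}'),
    json.loads('{"login": "example-not-owner"}'),
]

if __name__ == "__main__":
    # GITHUB_ORG / GITHUB_TOKEN are names assumed for this example; without
    # them the script runs offline against the constructed samples.
    org, token = os.environ.get("GITHUB_ORG"), os.environ.get("GITHUB_TOKEN")
    docs = [fetch_org(org, token)] if org and token else SAMPLES
    results = audit(docs)
    for login, result in results.items():
        print(f"{result:8} {login}")
    # Non-zero exit unless every organization verifiably requires 2FA.
    raise SystemExit(0 if all(r == "PASSED" for r in results.values()) else 1)
```

The non-zero exit status lets the script gate a scheduled job, so an organization whose setting is switched off or cannot be read is flagged instead of passing silently.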
Updated 10 months ago