Ensure GitHub organization security settings require 2FA
Error: GitHub organization security settings does not include 2FA capability
Bridgecrew Policy ID: BC_ORG_GITHUB_1
Checkov Check ID: CKV_GITHUB_1
Severity: HIGH
GitHub organization security settings does not include 2FA capability
Description
Organization owners can require organization members, outside collaborators, and billing managers to enable two-factor authentication for their personal accounts, making it harder for malicious actors to access an organization's repositories and settings.
Enforce two-factor authentication:
-
In the top right corner of GitHub.com, click your profile photo, then click Your organizations.
Your organizations in the profile menu -
Next to the organization, click Settings.
The settings button -
In the "Security" section of the sidebar, click Authentication security.
-
Under "Authentication", select Require two-factor authentication for everyone in your organization, then click Save.
Require 2FA checkbox
Updated 7 months ago