
Metadata

Id: terraform-github-repository-set-to-public

Provider: GitHub

Platform: Terraform

Severity: Medium

Category: Insecure Configurations

Description

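Repositories must be set to private. This requires the visibility attribute to be set to private and/or the private attribute to be true. If both are defined, visibility takes precedence over private, so a resource with private = true and visibility = "public" is still flagged. A resource that defines neither attribute is also flagged.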

Compliant Code Examples

# Compliant: private is true and visibility is not set.
resource "github_repository" "negative1" {
  name        = "example"
  description = "My awesome codebase"

  private = true

  template {
    owner      = "github"
    repository = "terraform-module-template"
  }
}

Non-Compliant Code Examples

# Non-compliant: neither private nor visibility is set.
resource "github_repository" "positive1" {
  name        = "example"
  description = "My awesome codebase"

  template {
    owner      = "github"
    repository = "terraform-module-template"
  }
}

# Non-compliant: private is explicitly false.
resource "github_repository" "positive2" {
  name        = "example"
  description = "My awesome codebase"

  private = false

  template {
    owner      = "github"
    repository = "terraform-module-template"
  }
}

# Non-compliant: visibility = "public" takes precedence over private = true.
resource "github_repository" "positive3" {
  name        = "example"
  description = "My awesome codebase"

  private    = true
  visibility = "public"

  template {
    owner      = "github"
    repository = "terraform-module-template"
  }
}
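
The precedence described above can also be checked outside the scanner, for example against the JSON plan produced by terraform show -json. The following is an added example, not Datadog's rule implementation: the function names and SAMPLE_PLAN are hypothetical, the sample data is constructed, and it assumes unset attributes appear as null or are absent in planned_values.

```python
# Constructed sample shaped like the planned_values section of `terraform show -json`.
def _repo(address, **values):
    return {"address": address, "type": "github_repository", "values": values}

SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "resources": [
                _repo("github_repository.negative1", private=True),
                _repo("github_repository.positive1"),
                _repo("github_repository.positive2", private=False),
                _repo("github_repository.positive3", private=True, visibility="public"),
                {"address": "github_team.dev", "type": "github_team", "values": {}},
            ],
            "child_modules": [
                {"resources": [
                    _repo("module.org.github_repository.svc",
                          private=None, visibility="private"),
                ]}
            ],
        }
    }
}

def is_private(values):
    """Apply the rule's precedence: visibility, when defined, overrides private."""
    visibility = values.get("visibility")
    if visibility is not None:
        return visibility == "private"
    # Only an explicit true passes; null, absent or false is flagged.
    return values.get("private") is True

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def public_repositories(plan):
    """Return the sorted addresses of github_repository resources that fail the rule."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        r["address"] for r in walk(root)
        if r.get("type") == "github_repository"
        and not is_private(r.get("values") or {})
    )

if __name__ == "__main__":
    for address in public_repositories(SAMPLE_PLAN):
        print("non-compliant:", address)
```

Following the page's wording, only visibility = "private" passes; any other visibility value is reported.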