Canarys | IT Services

5 Best Practices for GitHub Implementation in Large Organizations

The sheer scale of GitHub is evident in its user base: over 73 million developers and 4 million companies collaborate across more than 200 million repositories, making it the world’s largest source code site.

GitHub security becomes harder to monitor as an organization’s teams expand. GitHub is also an attractive target for attackers: hard-coded credentials, repositories that were accidentally made public, and weak account or repository settings can all be found there. We’ll discuss five GitHub enterprise best practices and the reasons for configuring them.

1. Never store credentials in GitHub

Storing API keys, database credentials and private keys directly in a repository is a common shortcut taken for convenience, and it is a serious security weakness. Research on GitHub commits found that roughly 3 out of every 1,000 commits expose such a secret.

Sharing code on GitHub is collaborative by design, which conflicts with the need to keep credentials private: anyone who can read the repository can read the secret. Access that is never revoked, including that of temporary or contract developers, widens that audience, and a single compromised account then exposes every secret the repository contains.

Committed secrets also leak when a repository is accidentally made public or when a developer’s workstation, with its clone, is compromised; in both cases the attacker gets the secret together with the source. Rotate any secret that has ever been committed: removing it from the latest commit does not remove it from history.
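As an added example, not code from the original post or from Canarys, here is a local pre-commit hook in POSIX sh that refuses a commit when an added line matches a few common credential shapes. The patterns (AWS access key IDs, GitHub token prefixes, PEM private-key headers, and quoted password or API-key assignments) and the sample diff are assumptions constructed for the demonstration. Treat the hook as a last line of defence in front of GitHub’s own secret scanning and push protection, not as a replacement for them.

```shell
#!/bin/sh
# Added example: pre-commit hook that blocks commits whose added lines look like
# credentials. Install by copying to .git/hooks/pre-commit and making it executable.

# Print the added (+) lines of the unified diff in $1 that match a credential pattern.
# The first grep keeps only added lines and drops the "+++ b/file" header; the second
# applies the assumed patterns (AWS key IDs, GitHub tokens, PEM keys, quoted secret
# assignments). grep exits 1 when nothing matches, which here means "clean", not an error.
secret_hits() {
    grep -E '^[+][^+]' -- "$1" | grep -E -i \
        -e 'AKIA[0-9A-Z]{16}' \
        -e 'gh[pousr]_[A-Za-z0-9]{36}' \
        -e 'BEGIN( [A-Z]+)? PRIVATE KEY' \
        -e "(password|passwd|secret|api[_-]?key)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}" \
        || true
}

# Return 1 (blocking the commit) if the diff in $1 contains any hit, else 0.
scan_for_secrets() {
    hits=$(secret_hits "$1")
    if [ -n "$hits" ]; then
        printf 'pre-commit: possible secrets in staged changes, refusing to commit:\n%s\n' "$hits" >&2
        printf 'Move them to environment variables or a secrets manager; rotate anything already pushed.\n' >&2
        return 1
    fi
    return 0
}

# Constructed sample diff (not from any real repository) used to demonstrate the check.
# AKIAIOSFODNN7EXAMPLE is the placeholder key ID from the AWS documentation.
write_leaky_diff() {
    cat >"$1" <<'EOF'
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,4 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "hunter2hunter2"
+TIMEOUT = 30
EOF
}

# When invoked by git as .git/hooks/pre-commit, scan exactly what is staged.
case "${0##*/}" in
    pre-commit)
        tmp=$(mktemp)
        git diff --cached --unified=0 --no-color >"$tmp"
        scan_for_secrets "$tmp"; status=$?
        rm -f "$tmp"
        exit "$status"
        ;;
esac
```

Copy the script to `.git/hooks/pre-commit` (or to a directory set with `git config core.hooksPath` so every clone picks it up) and make it executable. It only inspects staged changes, so a secret that is already in history must still be purged from history and rotated.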

2. Use MFA at all times

Strong passwords alone are no longer enough. Attackers have reliable ways to obtain them, from phishing and credential stuffing to reuse of passwords leaked in other breaches, and a stolen password is a full account takeover unless a second factor is required. Enable multi-factor authentication (MFA) on your own GitHub account and require it for every member of your organization. To enforce it at the organization level, click your profile photo, open Your organizations, click Settings next to the organization, select Authentication security in the Security section, and turn on Require two-factor authentication for everyone in your organization. Members, outside collaborators and billing managers who have not enabled it are removed from the organization when the requirement takes effect, so announce the change and give people a deadline to enrol first.

3. Exclude large files from your Git commits

GitHub limits the size of individual Git objects to keep the service reliable. A push containing a file larger than 100 MiB is rejected with an error, and files larger than 50 MiB trigger a warning.

There is no fixed limit on the total size of a repository, but GitHub recommends keeping repositories under 1 GB and contacts owners whose repositories consume excessive disk space. Keep large binaries such as images, archives, Word documents and PDFs out of Git altogether: put them on a file share or a document platform such as Google Drive, or track them with Git LFS, which stores a small pointer in the repository and the content in separate large-file storage. Remember that deleting a large file in a later commit does not shrink the repository; the blob stays in history until that history is rewritten.
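An added example, not from the original post: a POSIX sh pre-commit hook that applies GitHub’s published thresholds, blocking staged files over 100 MiB and warning over 50 MiB, plus a helper that lists the largest blobs already in a repository’s history, which is where oversized objects usually hide. The thresholds are GitHub.com’s; the limits can be overridden through environment variables, and the file names used in any self-test are constructed.

```shell
#!/bin/sh
# Added example: reject staged files GitHub would refuse, and find oversized blobs in history.

# GitHub.com thresholds: a push with a blob over 100 MiB is rejected, over 50 MiB warned.
# Kept as overridable variables so a stricter in-house limit can be set.
HARD_LIMIT=${HARD_LIMIT:-$((100 * 1024 * 1024))}
WARN_LIMIT=${WARN_LIMIT:-$((50 * 1024 * 1024))}

# Size of a file in bytes, portable across GNU and BSD userlands.
file_size() { wc -c <"$1" | tr -d ' '; }

# check_file_sizes FILE...: print a verdict per file, return 1 if any exceeds HARD_LIMIT.
check_file_sizes() {
    status=0
    for f in "$@"; do
        [ -f "$f" ] || continue          # deletions and renames have no content to measure
        size=$(file_size "$f")
        if [ "$size" -gt "$HARD_LIMIT" ]; then
            printf 'BLOCK %s: %s bytes, over the hard limit; GitHub will reject this push\n' "$f" "$size" >&2
            status=1
        elif [ "$size" -gt "$WARN_LIMIT" ]; then
            printf 'WARN  %s: %s bytes, over the warning limit; use Git LFS or external storage\n' "$f" "$size" >&2
        fi
    done
    return "$status"
}

# List the N largest blobs anywhere in history (default 10), as "size sha path".
# A file deleted in HEAD still counts against the repository until history is rewritten.
largest_blobs_in_history() {
    git rev-list --objects --all |
        git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' |
        awk '$1 == "blob" { path = $0; sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", path); print $3, $2, path }' |
        sort -rn | head -n "${1:-10}"
}

# Hook entry point: check every added or modified staged path. Globbing is switched off
# and paths are split on newlines only, so names with spaces or "*" are handled
# (names containing a newline are not).
case "${0##*/}" in
    pre-commit)
        set -f
        IFS='
'
        set -- $(git diff --cached --name-only --diff-filter=AM)
        unset IFS
        set +f
        check_file_sizes "$@"
        exit $?
        ;;
esac
```

Run `largest_blobs_in_history 20` inside a clone before migrating a repository to GitHub: if it shows blobs above the hard limit, the push will fail even though those files are no longer in the working tree, and the history has to be rewritten (and every secret or large file in it reconsidered) first.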

4. Enable Two-Factor Authentication on your account

Enabling two-factor authentication on your own account is the single biggest improvement you can make to its security: even an attacker who has your username and password cannot sign in without the second factor. Unless your organization or enterprise already enforces it, two-factor authentication is opt-in; turn it on from the security section of your user settings, prefer a security key or an authenticator app over SMS codes, and store the recovery codes somewhere safe so that a lost phone does not lock you out.
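As an added example covering both the organization-wide MFA requirement of section 2 and the per-account setting of section 4 (not code from the original post), this POSIX sh script uses the GitHub CLI (gh) to report whether an organization enforces two-factor authentication and to list members who still have it disabled, through the GET /orgs/{org} and GET /orgs/{org}/members?filter=2fa_disabled endpoints; the filter is available to organization owners only. The organization name and the sample JSON are constructed for the demonstration, and logins are extracted with grep and sed so that jq is not needed for the parse step.

```shell
#!/bin/sh
# Added example: audit an organization's two-factor enforcement with the GitHub CLI.
# Requires gh authenticated as an organization owner. Usage: sh 2fa-audit.sh --org ORG

# Pull every "login" value out of the JSON on stdin. gh api --paginate emits one JSON
# array per page back to back, so the parser must not depend on line structure.
logins_from_json() {
    grep -o '"login"[[:space:]]*:[[:space:]]*"[^"]*"' | sed 's/.*"\([^"]*\)"$/\1/'
}

# API path for members with 2FA disabled (owner-only filter), 100 per page.
members_2fa_disabled_path() {
    printf 'orgs/%s/members?filter=2fa_disabled&per_page=100\n' "$1"
}

# Print "enforced" or "not enforced" for the organization in $1.
two_factor_enforcement() {
    if [ "$(gh api "orgs/$1" --jq '.two_factor_requirement_enabled')" = "true" ]; then
        echo enforced
    else
        echo "not enforced"
    fi
}

# Print the login of every member without 2FA, one per line, following all pages.
members_without_2fa() {
    gh api --paginate "$(members_2fa_disabled_path "$1")" | logins_from_json
}

# Constructed sample response (no real accounts): two pages as --paginate would emit them.
sample_members_json() {
    printf '[{"login":"alice-example","id":1,"type":"User"},{"login":"bob-example","id":2,"type":"User"}][{"login":"carol-example","id":3,"type":"User"}]\n'
}

if [ "${1:-}" = "--org" ] && [ -n "${2:-}" ]; then
    org=$2
    printf 'Organization %s: 2FA requirement %s\n' "$org" "$(two_factor_enforcement "$org")"
    missing=$(members_without_2fa "$org")
    if [ -n "$missing" ]; then
        printf 'Members without 2FA (they will be removed when enforcement is turned on):\n%s\n' "$missing"
        exit 1
    fi
    echo "All members have 2FA enabled."
fi
```

Run the audit before flipping the organization setting: the list it prints is exactly the set of people who would lose access the moment the requirement is enabled, so it doubles as the notification list.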

5. Authenticate with SSH keys rather than HTTPS

A GitHub Enterprise Server instance running in private mode requires authentication for every interaction, and entering credentials on every push slows the workflow. With an HTTPS remote, each Git command needs credentials; GitHub no longer accepts account passwords for Git over HTTPS, so that means a personal access token, either re-entered each time or cached in a credential helper. An SSH key with the SSH remote URL avoids the prompts: the key, protected by a passphrase and loaded into ssh-agent, authenticates every push and pull, and it works unchanged when two-factor authentication is enabled, because SSH authentication never involves the password or the second factor.
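An added example, not from the original post, of the switch to SSH as a POSIX sh script: it creates an ed25519 key if none exists, pins that key to the GitHub host in ~/.ssh/config with IdentitiesOnly so the agent does not offer unrelated keys, tells Git to use SSH for every remote on that host through the url.<base>.insteadOf setting, rewrites the current clone’s origin, and verifies the connection with ssh -T. The host (github.com by default, overridable for an Enterprise Server instance), the key path and the sample remote URLs are assumptions; the HTTPS alternative, a personal access token cached in a credential helper, is not configured here.

```shell
#!/bin/sh
# Added example: move a workstation from HTTPS+token to SSH-key authentication for GitHub
# or a GitHub Enterprise Server host. Usage: GH_HOST=github.example.com sh ssh-setup.sh --setup

GH_HOST=${GH_HOST:-github.com}                        # assumed; set to your Enterprise hostname
KEY_FILE=${KEY_FILE:-$HOME/.ssh/id_ed25519_$GH_HOST}  # assumed key path

# Convert an HTTPS remote for the host into its SSH form; anything else passes through.
#   https://github.com/org/repo.git  ->  git@github.com:org/repo.git
to_ssh_url() {
    url=$1; host=${2:-$GH_HOST}
    case "$url" in
        "https://$host/"*)
            path=${url#https://$host/}
            path=${path%/}
            path=${path%.git}
            printf 'git@%s:%s.git\n' "$host" "$path"
            ;;
        *) printf '%s\n' "$url" ;;
    esac
}

# Create the key once; ssh-keygen prompts for a passphrase, which you should set.
ensure_key() {
    if [ ! -f "$KEY_FILE" ]; then
        mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
        ssh-keygen -t ed25519 -C "$(id -un)@$(hostname) for $GH_HOST" -f "$KEY_FILE"
    fi
    printf 'Upload this public key under Settings > SSH and GPG keys:\n'
    cat "$KEY_FILE.pub"
}

# Pin the key to the host so the agent does not offer every loaded identity.
configure_ssh_host() {
    if ! grep -q "^Host $GH_HOST\$" "$HOME/.ssh/config" 2>/dev/null; then
        printf '\nHost %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$GH_HOST" "$KEY_FILE" >>"$HOME/.ssh/config"
        chmod 600 "$HOME/.ssh/config"
    fi
}

# Make Git rewrite HTTPS URLs for the host to SSH globally, so new clones and
# submodules use the key without anyone remembering to pick the SSH URL.
configure_git() {
    git config --global "url.git@$GH_HOST:.insteadOf" "https://$GH_HOST/"
}

# Rewrite origin in the current clone (if any) and check that the key is accepted.
switch_current_clone() {
    current=$(git remote get-url origin 2>/dev/null) || return 0
    git remote set-url origin "$(to_ssh_url "$current")"
    # ssh -T exits 1 on GitHub even on success (no shell is granted); read the greeting.
    ssh -T "git@$GH_HOST" 2>&1 | head -n 1
}

case "${1:-}" in
    --setup) ensure_key; configure_ssh_host; configure_git; switch_current_clone ;;
esac
```

The insteadOf rewrite is what makes this stick in a large organization: documentation, CI templates and submodule definitions can keep using HTTPS URLs, and each developer’s machine transparently authenticates with its own passphrase-protected key.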

Stay Secure in GitHub with Canarys

Canarys provides scalable, state-of-the-art GitHub configurations that keep your organization ahead and hold its security at the highest level. Our GitHub CI/CD integration is designed for large organizations that have many resources to run and more responsibilities to fulfil.
