SvanBoxel / org-audit-action

Licence: MIT license
GitHub Action that provides an Organization Membership Audit

GitHub Membership Audit Action

GitHub Action that provides an Enterprise Account or Organization Audit of members, repositories and which permissions these members have. The output of this action is a published CSV file in the Actions tab. The user can also configure the action to publish the results to an issue.

When running in enterprise mode, the output looks like this:

enterprise  organization  repo              user              login       permission
goodcorp    goodcorp-os   node-utils        Vitor Monteiro    bitoiu      ADMIN
goodcorp    goodcorp-os   node-utils        Richard Erwin     rerwinx     ADMIN
goodcorp    goodcorp-os   node-utils        Kai Hilton-Jones  evil-clone  WRITE
goodcorp    core          innersource-docs  Vitor Monteiro    bitoiu      ADMIN
goodcorp    core          innersource-docs  Richard Erwin     rerwinx     READ
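
An audit like this is most useful when one run is compared with the previous one. The following is an added example, not code from org-audit-action: it diffs two audit CSVs and reports grants that are new, escalated or removed. It assumes a comma-delimited file with a header row naming the columns shown above; diffAudits, parseCsv and the sample rows are constructed for illustration.

```javascript
// Added example, not part of org-audit-action. Assumed: comma-delimited CSV with a
// header row naming the columns shown above. Sample rows at the bottom are constructed.
const RANK = { READ: 1, TRIAGE: 2, WRITE: 3, MAINTAIN: 4, ADMIN: 5 };
// Minimal CSV reader that honours double-quoted fields (display names may contain commas).
function parseCsv(text) {
  const rows = [];
  let row = [], field = '', quoted = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (quoted) {
      if (c === '"' && text[i + 1] === '"') { field += '"'; i++; }
      else if (c === '"') quoted = false;
      else field += c;
    } else if (c === '"') quoted = true;
    else if (c === ',') { row.push(field); field = ''; }
    else if (c === '\n') { row.push(field); rows.push(row); row = []; field = ''; }
    else if (c !== '\r') field += c;
  }
  if (field !== '' || row.length) { row.push(field); rows.push(row); }
  const [header, ...body] = rows;
  // Look fields up by header name so an extra column does not shift them.
  return body.filter(r => r.length === header.length)
    .map(r => Object.fromEntries(header.map((h, i) => [h, r[i]])));
}
// Key each grant by org/repo:login; the login, not the display name, identifies the account.
const toGrants = csv => new Map(parseCsv(csv).map(r =>
  [`${r.organization}/${r.repo}:${r.login}`, r.permission]));
// Report grants that are new, raised, or gone since the baseline run (downgrades are ignored).
function diffAudits(baselineCsv, currentCsv) {
  const before = toGrants(baselineCsv), after = toGrants(currentCsv), findings = [];
  for (const [key, to] of after) {
    const from = before.get(key);
    if (from === undefined) findings.push({ key, change: 'NEW', to });
    else if ((RANK[to] || 0) > (RANK[from] || 0)) findings.push({ key, change: 'ESCALATED', from, to });
  }
  for (const [key, from] of before) if (!after.has(key)) findings.push({ key, change: 'REMOVED', from });
  return findings;
}
const HEADER = 'enterprise,organization,repo,user,login,permission\n';
const BASELINE = HEADER +
  'goodcorp,goodcorp-os,node-utils,Vitor Monteiro,bitoiu,ADMIN\n' +
  'goodcorp,core,innersource-docs,"Erwin, Richard",rerwinx,READ\n' +
  'goodcorp,core,innersource-docs,Former Member,old-login,WRITE\n';
const CURRENT = HEADER +
  'goodcorp,goodcorp-os,node-utils,Vitor Monteiro,bitoiu,ADMIN\n' +
  'goodcorp,goodcorp-os,node-utils,Kai Hilton-Jones,evil-clone,WRITE\n' +
  'goodcorp,core,innersource-docs,"Erwin, Richard",rerwinx,ADMIN\n';
```

Calling diffAudits(BASELINE, CURRENT) on the constructed samples yields three findings: a NEW grant for evil-clone, an ESCALATED grant for rerwinx (READ to ADMIN), and a REMOVED grant for old-login.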

Action configuration overview

- name: Membership Audit Log Action
  uses: svanboxel/org-audit-action@master
  with:
    ## `organization` and `enterprise` are mutually exclusive
    enterprise: 'goodcorp'
    ## token scopes: repo, read:org, read:enterprise (if running with the enterprise option)
    token: ${{ secrets.TOKEN }}
    ## issue is optional
    issue: true
    ## samlIdentities is optional
    samlIdentities: true
    ## affiliation is optional - values are 'ALL', 'DIRECT' (i.e. members only) or 'OUTSIDE' (i.e. outside collaborators only)
    affiliation: 'ALL'

Example workflows

Depending on your needs, you might want to trigger the audit on different events. The simplest way to test it is to trigger the workflow on push. For this workflow to run properly, you need to provide it with a personal access token, stored as a secret, from someone who is an org owner or from an application that has that privilege. A token with a lesser scope might not show all the information for the organization.

Single organization audit on push (good for testing)

The action in the following workflow is configured to:

  • Work only on a single organization
  • Expose the linked SAML nameId field for your members, if your organization uses SAML SSO and you want to retrieve this information (generally the corporate email address used to log in with SSO)
  • Also publish the results to an issue

on: push

jobs:

  audit_log:
    runs-on: ubuntu-latest
    name: Membership Audit Log

    steps:

    - name: Membership Audit Log Action
      uses: svanboxel/org-audit-action@v1
      with:
        organization: 'octodemov2'
        token: ${{ secrets.TOKEN }}
        issue: true
        samlIdentities: true

Enterprise Account audit on a schedule (cron)

The action in the following workflow is configured to:

  • Work on an enterprise account
  • Also publish the results to an issue

on:
  schedule:
    # Once a week on Saturday 00:00
    - cron:  '0 0 * * 6'

jobs:

  audit_log:
    runs-on: ubuntu-latest
    name: Membership Audit Log

    steps:

    - name: Membership Audit Log Action
      uses: svanboxel/org-audit-action@v1
      with:
        enterprise: 'goodcorp'
        token: ${{ secrets.TOKEN }}
        issue: true

Enterprise Audit triggered by an external service

Use a repository_dispatch event to trigger this workflow. The action in the following workflow is configured to:

  • Work on an enterprise account
  • Also publish the results to an issue

on: repository_dispatch

jobs:

  audit_log:
    runs-on: ubuntu-latest
    name: Membership Audit Log

    steps:

    - name: Membership Audit Log Action
      uses: svanboxel/org-audit-action@v1
      with:
        enterprise: 'goodcorp'
        token: ${{ secrets.TOKEN }}
        issue: true

Local testing

You can test this action locally by using the following command (to audit an enterprise account, set ENTERPRISE=<enterprise_name> instead of ORGANIZATION):

TOKEN=<github_token> ORGANIZATION=<organization_name> GITHUB_REPOSITORY=<owner>/<repository> node src/index.js

Help us improve it

Open an issue on: https://github.com/svanboxel/org-audit-action