# Managed Security Review for GitHub

This page explains _managed_ security reviews for GitHub provided by Flatt Security.
Note that Flatt Security may provide more policies than the ones described here, depending on your support plan.

## To use managed security reviews

Once you apply the following Shisho Cloud workflows to your organization, security review results will appear shortly afterwards:

- [Workflows for CIS Software Supply Chain Security Guide v1.0.0](https://github.com/flatt-security/shisho-cloud-managed-workflows/tree/main/workflows/cis-benchmark/supplychain-v1.0.0)

## All managed review items

| Title                                                                                         | Related Standards       | Default Severity | ID in Shisho Cloud                                                                      |
| --------------------------------------------------------------------------------------------- | ----------------------- | ---------------- | --------------------------------------------------------------------------------------- |
| Ensure the deletion of protected branches is limited                                          | 1.1.17 (CIS SCC v1.0.0) | Medium           | `decision.api.shisho.dev/v1beta:github_branch_deletion_policy`                          |
| Ensure code owner’s review is required when a change affects owned code                       | 1.1.7 (CIS SCC v1.0.0)  | Low              | `decision.api.shisho.dev/v1beta:github_code_owners_review_policy`                       |
| Ensure verification of signed commits for new changes before merging                          | 1.1.12 (CIS SCC v1.0.0) | Info             | `decision.api.shisho.dev/v1beta:github_commit_signature_policy`                         |
| Keep a default branch protected by branch protection rule(s)                                  | 1.1.14 (CIS SCC v1.0.0) | Medium           | `decision.api.shisho.dev/v1beta:github_default_branch_protection`                       |
| Ensure force push code to branches is denied                                                  | 1.1.16 (CIS SCC v1.0.0) | Low              | `decision.api.shisho.dev/v1beta:github_force_push_policy`                               |
| Ensure linear history is required                                                             | 1.1.13 (CIS SCC v1.0.0) | Info             | `decision.api.shisho.dev/v1beta:github_linear_history_policy`                           |
| Ensure any change to code receives a sufficient number of approvals by authenticated users    | 1.1.3 (CIS SCC v1.0.0)  | Medium           | `decision.api.shisho.dev/v1beta:github_minimum_approval_number_policy`                  |
| Enforce two-factor authentication on GitHub organization(s)                                   | 1.3.5 (CIS SCC v1.0.0)  | Low              | `decision.api.shisho.dev/v1beta:github_org_2fa_status`                                  |
| Ensure strict base permissions are set for repositories                                       | 1.3.8 (CIS SCC v1.0.0)  | Low              | `decision.api.shisho.dev/v1beta:github_org_default_repository_permission`               |
| Ensure creation of GitHub public pages is restricted                                          |                         | Low              | `decision.api.shisho.dev/v1beta:github_org_members_permission_on_creating_public_pages` |
| Ensure public repository creation is limited to specific members                              | 1.2.2 (CIS SCC v1.0.0)  | Low              | `decision.api.shisho.dev/v1beta:github_org_members_permission_on_creating_public_repos` |
| Ensure forking of GitHub repositories is restricted                                           |                         | Low              | `decision.api.shisho.dev/v1beta:github_org_members_permission_on_private_forking`       |
| Ensure minimum number of administrators are set for the organization                          | 1.3.3 (CIS SCC v1.0.0)  | Low              | `decision.api.shisho.dev/v1beta:github_org_owners`                                      |
| Ensure branch protection rules are enforced for administrators                                | 1.1.14 (CIS SCC v1.0.0) | Low              | `decision.api.shisho.dev/v1beta:github_protection_enforcement_for_admins`               |
| Ensure minimum number of administrators are set for the GitHub repository                     | 1.3.7 (CIS SCC v1.0.0)  | Low              | `decision.api.shisho.dev/v1beta:github_repo_admins`                                     |
| Ensure deletion of GitHub repositories is restricted                                          | 1.2.3 (CIS SCC v1.0.0)  | Low              | `decision.api.shisho.dev/v1beta:github_repo_members_permission_on_deleting_repository`  |
| Ensure previous approvals are dismissed when updates are introduced to a code change proposal | 1.1.4 (CIS SCC v1.0.0)  | Low              | `decision.api.shisho.dev/v1beta:github_stale_review_policy`                             |
