1. Org Default Permissions

More Info:

The default permission given to new organization users should be set to none. Read permissions risk exposing private repositories, while write or admin permissions risk sensitive access to repositories for new users.

Risk Level

Medium

Address

Security

Compliance Standards

Additional Reading: