Check GitHub repo permissions for teams

[imilchev]

I would like to write a query and later a policy to validate which teams from my GitHub organization have access to a certain repository. I think, currently, this isn't possible.

From the perspective of github.organization.teams I can see a list of repos for each team but I cannot check what permissions are added for that particular repo.

From the perspective of github.repository I can see only collaborators but I cannot see the permissions.

My end goal is to be able to verify which team has "Write" permissions for my repo and I also want to make sure that there are no permissions set for individuals. I want permissions to be managed only by teams. For example, I don't want a user having direct "Write" access to the repo but it is okay if the user is in the proper team to have "Write" access.

Assuming this is not possible right now, I am wondering if it is technically possible and if what I am requesting makes sense.

[chris-rock]

We released many updates for the GitHub provider for organization and repository scan.

# scan single repo
cnspec scan github repo lunalectric/.github

# scan org with all reoos
cnspec scan github org lunalectric

# scan org with only a selected list of repos
cnspec scan github org lunalectric --repos "frontend,backend"