Restrict SCM Repository Creation

Ensure source control management (SCM) systems enforce strict permissions for repository creation. Limiting this ability to authorized users or teams helps maintain governance, avoid shadow repositories, and reduce security risks.

Mitigation Steps

1. Enable repository creation restrictions in the SCM platform (e.g., GitHub, GitLab, Bitbucket). For example, in GitHub Enterprise:

   1. Navigate to Organization Settings > Member Privileges.
   2. Disable "Allow members to create repositories."
   3. Assign repository creation privileges to specific roles.

2. Use role-based access controls (RBAC) to assign repository creation permissions.

3. Audit and monitor newly created repositories regularly.
4. Implement approval workflows for repository creation, if supported by the SCM tool.

More information

• GitHub Docs - Restricting Repository Creation
• GitLab Docs - Role-based Access Controls
• Bitbucket Cloud - Managing Permissions