@gitstua
Last active August 29, 2023 06:48
EMU Enterprise

Purpose

This is a quick run-through of some major considerations when you create an EMU (Enterprise Managed Users) enterprise. The ⚠️ symbol denotes the more critical questions to consider.

Identity

  1. Do you have more than one Enterprise Admin? ⚠️
  2. Have you set up billing managers? ⚠️
  3. Are you synchronizing IdP groups so that you can link them to GitHub Teams?

Policies

Repos

  1. Have you selected the types of repos you want your users to create (private/internal)?
  2. Do you want forking enabled/disabled for all orgs?
  3. Who can change repo visibility between private and internal?
  4. Do you allow deletion/transfer of repos by members or just org owners?
  5. Do you allow issues to be deleted by members or just org owners?

Codespaces

  1. Are you enabling Codespaces enterprise-wide?

Copilot

  1. Will you block matching public code suggestions for all orgs? ⚠️
  2. Will you enable Copilot Chat across the whole enterprise or set it at the org level?
  3. Which orgs can enable Copilot? You can select a subset of orgs or the whole enterprise.

Actions

  1. Will you allow self-hosted runners at repo level? ⚠️
  2. Will you allow runners against personal EMU namespaces? ⚠️

Code security and analysis

  1. Will you let repo admins enable/disable secret scanning and code scanning?

Settings - Billing

  1. Have you set a spending limit and enabled alerts at 75/90/100%? ⚠️
  2. Have you set up billing emails? ⚠️
  3. Have you added an Azure subscription to payment information? ⚠️

Settings - Authentication Security

  1. Do you have your recovery codes from the setup user somewhere very safe? ⚠️
  2. Will you automatically redirect users to your sign-in page?
  3. Have you enabled the IP allow list for your IdP (OIDC) or set IP restrictions (SAML)? ⚠️

Settings - Code security and analysis

  1. Have you at a minimum enabled push protection? ⚠️
  2. Have you enabled Dependabot by default to protect against supply chain attacks?
  3. Do you have a custom push protection URL to show your users some help text?

Verified domains

  1. Have you added approved domains so you can make sure alerts don't go to domains you don't want to share with?

Audit log

  1. Is audit log streaming enabled, if you need to keep more than 3 months of logs? https://github.com/enterprises/stucorp/settings/audit-log/stream ⚠️⚠️⚠️
  2. Is source IP disclosure enabled? ⚠️
  3. Are audit log API request events enabled? ⚠️
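As an added example (not part of the gist), a small Python check that reads a constructed sample of audit-log stream events and flags the situations the checklist above asks about: visibility changes and repo deletion/transfer by non-owners, push protection bypasses, and removal of an enterprise admin. The field and action names, the owner set and the sample events are assumptions; verify them against your own stream before relying on it.

```python
import json

# Constructed sample of audit-log stream events (newline-delimited JSON).
# Field and action names used here ("action", "actor", "repo", "visibility",
# "user", "repo.access", "repo.destroy", "repo.transfer",
# "secret_scanning_push_protection.bypass", "business.remove_admin") are
# assumptions, not taken from the gist; verify them against your own stream.
SAMPLE_STREAM = """\
{"action":"repo.access","actor":"admin_1","repo":"stucorp/payments","visibility":"private","@timestamp":1693288000000}
{"action":"repo.access","actor":"dev_b","repo":"stucorp/tools","visibility":"internal","@timestamp":1693288100000}
{"action":"repo.destroy","actor":"dev_c","repo":"stucorp/old-service","@timestamp":1693288200000}
{"action":"secret_scanning_push_protection.bypass","actor":"dev_d","repo":"stucorp/payments","@timestamp":1693288300000}
{"action":"business.remove_admin","actor":"admin_1","user":"admin_2","@timestamp":1693288400000}
{"action":"git.push","actor":"dev_a","repo":"stucorp/payments","@timestamp":1693288500000}
"""
# Constructed set of enterprise/org owners; replace with your real owner list.
OWNERS = {"admin_1", "admin_2"}

def classify(event):
    """Return a finding for events the checklist cares about, else None."""
    action = event.get("action", "")
    actor = event.get("actor", "?")
    repo = event.get("repo", "?")
    # Who can change visibility between private and internal?
    if action == "repo.access" and actor not in OWNERS:
        return f"VISIBILITY_CHANGE: {repo} -> {event.get('visibility', '?')} by {actor}"
    # Deletion/transfer by a member rather than an org owner.
    if action in ("repo.destroy", "repo.transfer") and actor not in OWNERS:
        return f"NON_OWNER_{action.split('.')[1].upper()}: {repo} by {actor}"
    # Push protection was bypassed: a secret may have been pushed anyway.
    if action == "secret_scanning_push_protection.bypass":
        return f"PUSH_PROTECTION_BYPASS: {repo} by {actor}"
    # Losing an admin matters when you rely on having more than one.
    if action == "business.remove_admin":
        return f"ADMIN_REMOVED: {event.get('user', '?')} removed by {actor}"
    return None

def scan_stream(ndjson_text):
    """Parse NDJSON audit events and collect findings in stream order."""
    findings = []
    for line in ndjson_text.splitlines():
        if line.strip():
            finding = classify(json.loads(line))
            if finding:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    for finding in scan_stream(SAMPLE_STREAM):
        print(finding)
```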

Support

  1. Have you set the members who can raise support cases with GitHub (up to 20)? ⚠️