IP Allowlist / Allowed IP Addresses Support for GitHub Codespaces #112594
Unanswered
ElectroTiger asked this question in Codespaces
Replies: 1 comment
Big plus one on this! It is really sad that Codespaces cannot be used by organizations that take their supply chain security seriously and use IP Allowlists on GitHub.
Select Topic Area
Product Feedback
Body
Hi, I'm representing a company that uses GitHub Enterprise Cloud.
After reading a recent article about how a developer's leaked GitHub Personal Access Token (PAT) caused a data breach - I thought it would be a good idea for our organization to implement IP Address Whitelisting. To me, this IP Address Whitelisting acts as a "Second Factor" to the single factor that is a PAT; not only do you have to have the PAT, but you have to have an IP belonging to our company's external IP address.
However, our organization uses GitHub Codespaces very extensively - for absolutely everything we do, and per https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization#about-allowed-ip-addresses, Allowed IP Addresses are not compatible with Codespaces.
I wanted to provide the feedback that in the case of accidentally exposed GitHub secrets like the PAT - or even leaked OAuth access tokens, IP Address Whitelisting seems like a reasonable, effective, and easy mitigation for something that has been known to be the source of serious breaches - if only you guys could make it work with Codespaces.