Granting External Access to a Private Git Repository in GitHub
An in-depth cyber security risk assessment requires access to the Source Code Management (SCM) system in order to conduct a code review, including analysis of third-party packages, examination of build files, and more. This process must be performed cautiously to avoid unintended interaction with the customer’s original code.
Please follow these steps to provide us access to a forked repository:
1. Make sure that the relevant repository is set to Private visibility.
2. In the panel to the right of the original repository's name, click “Fork” to create an independent snapshot of this repository, and then click the “Create fork” button.
3. On the forked repository, click on Settings.
4. Go into the “Collaborators and teams” section under the “Access” category and click “Add people”.
5. Copy the email address [email protected] to the search field and choose “Invite to {RepositoryName}”.
6. Verify that the role is set to “Read” privileges and click “Add [email protected] to this repository”.
7. On the same page, under the Base Role section, click on the “Manage” button to edit the created member privileges.
8. Allow the option of forking private repositories and save the changes. This does not apply the option to all repositories by default.
9. Go back to the forked repository and open the Settings tab. Under the General section, a new option named “Allow forking” will be displayed. Check this box to allow us to create a separate snapshot of the repository to which we have just been granted access.
10. We will receive a notification regarding the invitation to this repository. Once accepted, we will have collaborator access to the repository.
11. If the “Allow forking of private repositories” option was previously disabled, disable it again.
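
The following check is an added example, not part of the original procedure: it audits the state the steps above should leave behind, using responses shaped like those of the GitHub REST endpoints GET /repos/{owner}/{repo}, GET /repos/{owner}/{repo}/collaborators/{username}/permission and GET /orgs/{org}. The organization, repository and user names, the function name and the sample responses are constructed placeholders.

```python
import json

# Constructed sample responses (not real data), trimmed to the fields checked.
# Shapes follow GitHub REST: GET /repos/{owner}/{repo},
# GET /repos/{owner}/{repo}/collaborators/{username}/permission, GET /orgs/{org}.
SAMPLE_REPO = json.loads(
    '{"full_name": "example-org/app-fork", "private": true,'
    ' "fork": true, "allow_forking": true}')
SAMPLE_PERMISSION = json.loads(
    '{"permission": "read", "role_name": "read",'
    ' "user": {"login": "assessor-placeholder"}}')
SAMPLE_ORG = json.loads(
    '{"login": "example-org", "members_can_fork_private_repositories": true}')


def audit_shared_fork(repo, permission, org, org_forking_originally_enabled):
    """Return (code, message) findings for a fork shared per steps 1-11."""
    findings = []
    if not repo.get("private"):
        findings.append(("REPO_NOT_PRIVATE",
                         "shared repository is not private (step 1)"))
    if not repo.get("fork"):
        findings.append(("NOT_A_FORK",
                         "access was granted on a non-fork repository (step 2)"))
    # role_name distinguishes triage/maintain, which the legacy "permission"
    # field folds into read/write; anything other than read is too broad.
    role = permission.get("role_name") or permission.get("permission")
    if role != "read":
        findings.append(("ROLE_NOT_READ",
                         f"collaborator role is {role!r}, expected 'read' (step 6)"))
    if not repo.get("allow_forking"):
        findings.append(("FORKING_OFF",
                         "'Allow forking' is not enabled on the fork (step 9)"))
    org_forking = org.get("members_can_fork_private_repositories")
    if org_forking and not org_forking_originally_enabled:
        findings.append(("ORG_FORKING_LEFT_ON",
                         "organization still allows forking private repositories (step 11)"))
    return findings


if __name__ == "__main__":
    # Sample state: steps 1-10 done, step 11 (revert) not yet performed.
    for code, message in audit_shared_fork(
            SAMPLE_REPO, SAMPLE_PERMISSION, SAMPLE_ORG,
            org_forking_originally_enabled=False):
        print(f"{code}: {message}")
```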