I have a doubt about the security of private repository protection.
Here is the scenario:
A. I have access to the company's private repository and I can clone the repository to my private laptop. I can work with the repo without problems, so I have the necessary access to work.
B. I have another git account, my own account. With this account, I can create a new repository and git push the company's private repo, which I cloned to my private laptop before, and now it becomes a public repository on my account.
My question is: how can I prevent this action, because it is a security issue? After all, the company's code is part of its business rules. Is there any possibility of preventing this?
CodePudding user response:
Let's forget everything about git and code for a moment.
What prevents a user with access to private material from republishing it anywhere at all? Answer: nothing. If a user can download the material, republishing it in a public forum is trivial. The Digital Rights Management (DRM) effort has been trying to stop pirating of copyright-protected material with various levels of success for decades.
So, returning to code and git, regardless of whether it's github/gitlab/gitea/etc, there is nothing that can be done to protect against code leaks. A company must trust its employees with access that they will not publicly publish code or any other material. This is often further reinforced with legal agreements between the employer and the employee.