Enforcing forked pull request workflow policies from Organizations & Enterprise Cloud does not work #122061
Unanswered
ajschmidt8 asked this question in Actions
Replies: 0 comments
Select Topic Area
Bug
Body
The official GitHub documentation pages below indicate that Organization and Enterprise Cloud administrators should be able to enforce policies for running pull request workflows that originate from public forks:
In practice, these policies do not work as described.
When the policies are set to the strictest setting at the Organization level, individual repositories can still override this setting.
Similarly, when the policies are set to the strictest setting at the Enterprise Cloud level, individual Organizations can still override this setting.
This is a security issue that should be addressed.