Pull Requests causing forks to be created...? #29185
I'm a Security Analyst at my company where we have a corporate GitHub instance. We monitor the instance for forks on the corp repos. We got an alert that a user forked a company repo, but when we spoke with him, he said that he only created a pull request on the repo and did not create a fork. Moreover, he was asked to make the same simple change to 4 repos; 3 of them were apparently forked to his account, but he maintains that he did not fork them. He showed us exactly what he did, and in no way that I saw should a fork have been created.
For privacy reasons I'm not able to share detailed information, but if there are questions I will do my best to answer and provide any supported documents or screenshots. Thanks! Rk
Replies: 1 comment 1 reply
This is the common case if you make an edit through the web UI, really. If you don't have write access to the target repository it'll automatically create a fork, put the commit on a branch there, and open a PR. And talking about security that's an advantage, not a problem, because people can work on code without having direct write access.
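A triage sketch for the fork alerts discussed in this thread, added here as an example and not written by either participant: it correlates a repository's forks with its pull requests to separate forks that look like the web-UI edit flow from forks with no PR behind them. The records are constructed samples using field names from the GitHub REST API forks and pulls responses; the `patch-N` branch pattern and the 30-minute window are assumptions to tune for your instance.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data shaped like the GitHub REST API responses for
# GET /repos/{owner}/{repo}/forks and GET /repos/{owner}/{repo}/pulls?state=all.
FORKS = [
    {"full_name": "jdoe/billing-service", "owner": {"login": "jdoe"},
     "created_at": "2022-08-10T14:02:11Z"},
    {"full_name": "asmith/billing-service", "owner": {"login": "asmith"},
     "created_at": "2022-08-01T09:15:00Z"},
]
PULLS = [
    {"number": 41, "user": {"login": "jdoe"}, "created_at": "2022-08-10T14:03:40Z",
     "head": {"ref": "patch-1", "repo": {"full_name": "jdoe/billing-service"}}},
]

WEB_EDIT_BRANCH = re.compile(r"^patch-\d+$")  # assumption: web-editor branch naming
WINDOW = timedelta(minutes=30)                # assumption: triage threshold


def ts(value):
    """Parse the ISO 8601 UTC timestamps used in the API responses."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def classify_forks(forks, pulls, window=WINDOW):
    """Map each fork to 'web-edit PR #n', 'fork with PR #n' or 'fork without PR'."""
    verdicts = {}
    for fork in forks:
        created = ts(fork["created_at"])
        verdict = "fork without PR"
        for pr in pulls:
            head_repo = pr["head"].get("repo") or {}  # null if the fork was deleted
            if head_repo.get("full_name") != fork["full_name"]:
                continue
            delay = ts(pr["created_at"]) - created
            quick = timedelta(0) <= delay <= window
            if quick and WEB_EDIT_BRANCH.match(pr["head"]["ref"]):
                verdict = f"web-edit PR #{pr['number']}"
                break
            verdict = f"fork with PR #{pr['number']}"
        verdicts[fork["full_name"]] = verdict
    return verdicts


if __name__ == "__main__":
    for name, verdict in classify_forks(FORKS, PULLS).items():
        print(f"{name}: {verdict}")
```

Forks reported as "fork without PR" are the ones left for manual review; the others have a pull request against the monitored repository that accounts for them.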