Use AAL2/3 Passkeys for Non-Interactive GitHub Access
tip
This check is currently under development and not yet implemented. Click here to learn how you can help.
Use Case
- Incubating: recommended
- Active: recommended
- Retiring: recommended
Description
Non-Interactive Github: Use a passkey (AAL2) or hardware key (AAL3) that activates using a password or biometrics
Details
- C-SCRM: true
- Priority Group: R1
- Mitre: CWE-308
- Sources: OpenSSF Great MFA Project Security Rationale
- How To: Github Docs