GitHub Teams governance docs

This is the public knowledge base for GitHub Teams, team permissions, repo access control, and permission drift in private engineering orgs.

If your real problem is stale admins, direct grants, broad repo visibility, unclear GitHub team ownership, or slow offboarding, start here. The aim is to make repod the most useful practical source on this narrow problem space, not to publish generic GitHub content.

Start Here

If you read one page first, read the governance guide

The governance guide is the broad operating model. The audit checklist is the fastest route if you already have a live access mess. The GitHub Teams guide helps when team structure and permissions are part of the problem.

Guide

GitHub governance and permission drift guide

The broad operating model for naming, team structure, least privilege, branch policy, ownership, and repo lifecycle.

Read the governance guide

Guide

GitHub repository permissions audit checklist

A practical checklist for stale admins, direct grants, external collaborators, inherited access, service accounts, and audit evidence.

Read the audit checklist

Guide

GitHub Teams guide

Structure GitHub Teams, team access, repository permissions, and broad membership groups without turning inheritance into a guessing game.

Read the GitHub Teams guide

Problem-first guides

Guide

GitHub repo access audit guide

Identify stale admins, repository roles, direct grants, inherited access, and external collaborator risk in a private org.

Read the audit guide

Guide

GitHub Team permissions vs direct access

Compare GitHub Team permissions and direct repository grants, including drift risk and when exceptions are justified.

Read the comparison guide

Guide

Blanket GitHub write access risk

Explain why all-repository write access is different from easy contribution, especially when Actions, secrets, packages, and branch rules are involved.

Read the blanket write guide

Guide

Restrict repo visibility to one team

Keep a private repository visible only through the right team, with minimal base-org access and a clearer nested-team model.

Read the repo visibility guide

Guide

GitHub offboarding playbook

Remove access cleanly when staff, contractors, or vendors leave, and stop temporary exceptions from lingering.

Read the offboarding playbook

Use cases and solutions

Tool

Free GitHub access audit for repo access

See what the free audit checks, sample access findings, required permissions, and when it helps most.

See the free audit tool

Solution

GitHub access audit tool

Problem-first commercial page for teams that need a faster way to inspect and fix GitHub access drift.

See the solution page

Solution

GitHub governance for fractional CTOs

Client-ready workflow for fractional CTOs to find GitHub access drift, direct grants, stale teams, and governance risk fast.

See the CTO page

Use Case

Private repo visibility

Focused use case for private orgs where broad base visibility is not acceptable and sensitive repos must stay behind the right team boundary.

Read the use case

repod workflows

Use these when the question has moved from “what is wrong with GitHub access?” to “how do we safely change it?”

Workflow

Export, review, and apply GitHub repo-team access changes

Export, review, and apply GitHub repo-team access changes in repod with a reviewable diff.

Read the workflow guide

Workflow

Nested-team visibility in repod

Review broad access paths, clean up repo-team mappings, and operate a nested-team visibility model with a reviewable diff.

Read the nested-team workflow guide

Workflow

Delegate GitHub repo-team access without org admin

Delegate day-to-day repo-team access work without turning GitHub org admin into the default operational permission.

Read the delegation guide

Compare GitHub access tools

Use these pages when you are deciding between a local scanner, org-as-code, policy enforcement, and repod's access operations workflow.

Compare

repod vs gh-iga

Compare a local access scanner with repod's reviewable GitHub access cleanup workflow.

Compare repod and gh-iga

Compare

repod vs safe-settings

Compare GitHub settings enforcement with repod's repo-team access audit and cleanup workflow.

Compare repod and safe-settings

Setup

Setup

PAT scopes

Fine-grained GitHub PAT guidance for connecting repod safely, including read and write scope requirements and troubleshooting.

Read the PAT scopes guide