Repository visibility enforcement auto-remediation

The Repository visibility enforcement agent prevents accidental exposure of source code by continuously scanning repositories and ensuring they are private by default. When a repository is detected as public, the agent can automatically correct it or create an exception workflow.

What the agent does

For connected SCM providers (for example GitHub or Bitbucket), the SecureSlate agent can:

1. Scan all repositories in your org/workspace on a schedule.
2. Detect public repos (and optionally ignore known forks or allowed open-source repos).
3. Auto-remediate by setting visibility to private where permitted.
4. Open an exception ticket when a repo is intended to be public (approval + justification).
5. Collect evidence of visibility state and remediation actions.

Run auto-remediation

1. Open the failing repository visibility test.
2. Click Auto Fix on the SecureSlate AI can fix this card.
3. Review which repos will be modified and which ones will generate exception tickets.

Review and approve

You can review:

• Repos flagged as public
• Planned actions (set private vs exception ticket)
• Allowed list (approved open-source repos)

Then choose:

• Approve — The agent applies visibility changes and/or creates the exception workflow.
• Reject — Close without changes.

Related documentation

• Getting Started with Tests
• Assignment and Ownership for Controls, Tests, and Policies