
Summary
This rule monitors changes to the visibility settings of GitHub repositories within an organization. A high-severity alert is generated on any visibility change, because making a repository public can expose sensitive data and therefore indicates a potential exfiltration risk. The detection is driven by GitHub audit logs, specifically the 'repo.access' event, which records repository visibility changes. The significance of this rule lies in safeguarding proprietary or sensitive information that may inadvertently become exposed to the public and lead to a data breach. The rule uses GitHub's API to listen for changes in repository visibility settings; such changes are critical and often signify the sharing of confidential information that should remain protected. Organizations should manage these settings carefully and monitor the actions of actors who have the ability to alter them.
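The following is an added example (not part of the rule page or of any vendor's code) showing how the detection logic described above can be applied to GitHub audit-log events: every 'repo.access' event produces a high-severity alert, as the rule specifies, and the alerts are then triaged so that changes that end in a public repository are separated from other visibility changes for faster response. The sample NDJSON lines are constructed; the field names action, actor, org, repo, visibility and created_at follow GitHub's audit-log stream format, while previous_visibility is an assumed field used here only to show the direction of the change.

```python
import json

# Constructed sample audit-log entries in NDJSON form (one JSON event per line).
# "previous_visibility" is an assumption for illustration; the other keys follow
# the GitHub audit-log stream schema.
SAMPLE_AUDIT_LOG = """\
{"action": "repo.access", "actor": "alice", "org": "example-org", "repo": "example-org/billing-service", "visibility": "public", "previous_visibility": "private", "created_at": 1693651200000}
{"action": "repo.create", "actor": "bob", "org": "example-org", "repo": "example-org/sandbox", "visibility": "private", "created_at": 1693651260000}
{"action": "repo.access", "actor": "carol", "org": "example-org", "repo": "example-org/internal-tools", "visibility": "internal", "previous_visibility": "private", "created_at": 1693651320000}
{"action": "repo.access", "actor": "dave", "org": "example-org", "repo": "example-org/docs", "visibility": "private", "previous_visibility": "public", "created_at": 1693651380000}
not-json-garbage-line
"""


def parse_audit_log(text):
    """Parse NDJSON audit-log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A single bad line must not abort the whole batch; drop it and continue.
            continue
    return events


def detect_visibility_changes(events):
    """Emit one high-severity alert per 'repo.access' event, mirroring the rule's logic."""
    alerts = []
    for ev in events:
        if ev.get("action") != "repo.access":
            continue
        new_visibility = ev.get("visibility")
        alerts.append({
            "severity": "high",
            "actor": ev.get("actor"),
            "org": ev.get("org"),
            "repo": ev.get("repo"),
            "from": ev.get("previous_visibility"),  # assumed field, may be absent
            "to": new_visibility,
            "created_at": ev.get("created_at"),
            # A change that ends in a public repository is the exposure case the rule is about.
            "now_public": new_visibility == "public",
        })
    return alerts


def triage(alerts):
    """Split alerts into those that made a repository public and all other visibility changes."""
    exposed = [a for a in alerts if a["now_public"]]
    other = [a for a in alerts if not a["now_public"]]
    return exposed, other


if __name__ == "__main__":
    found = detect_visibility_changes(parse_audit_log(SAMPLE_AUDIT_LOG))
    exposed, other = triage(found)
    for a in exposed:
        print(f"[HIGH][NOW PUBLIC] {a['actor']} changed {a['repo']}: {a['from']} -> {a['to']}")
    for a in other:
        print(f"[HIGH] {a['actor']} changed {a['repo']}: {a['from']} -> {a['to']}")
```

In practice the events would come from the organization's audit-log stream or API rather than an inline string; the parser deliberately drops unparseable lines so one corrupt record cannot silence detection for the rest of the batch.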
Categories
- Cloud
- Web
- Identity Management
Data Sources
- User Account
- Application Log
- Cloud Service
ATT&CK Techniques
- T1567
Created: 2022-09-02