
Summary
This detection rule identifies events in which a private GitHub repository is changed to public visibility. The change is significant because it can indicate unauthorized access or a data breach: adversaries may flip a repository to public in order to exfiltrate sensitive source code or other data it contains.

The rule queries the GitHub audit log for repository-modification events and looks for a transition from 'private' to 'public' visibility. Concretely, it matches audit entries where 'event.dataset' is 'github.audit', 'github.previous_visibility' is 'private', and 'github.visibility' is 'public'. The rule adds an essential layer of monitoring over GitHub repositories and maps to the Exfiltration (TA0010) and Impact (TA0040) tactics of the MITRE ATT&CK framework, specifically Automated Exfiltration (T1020) and Exfiltration Over Web Service (T1567). It is assigned a low severity and risk score and is designed for production-grade environments.
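The matching logic described above, applied to a few constructed audit events, as an added example (not the rule's own query and not taken from the GitHub audit log). It assumes audit events have been normalised into JSON lines using the field names the description uses (event.dataset, github.previous_visibility, github.visibility); the repository names, actors and timestamps are placeholders.

```python
import json

# Constructed sample audit events (not real log lines). Only the first one
# is a private -> public change; the others exercise the negative paths.
SAMPLE_AUDIT_JSONL = "\n".join(json.dumps(e) for e in [
    {"@timestamp": "2023-12-16T10:00:00Z", "event": {"dataset": "github.audit", "action": "repo.access"},
     "github": {"repo": "example-org/internal-billing", "previous_visibility": "private", "visibility": "public"},
     "user": {"name": "alice"}},
    {"@timestamp": "2023-12-16T10:05:00Z", "event": {"dataset": "github.audit", "action": "repo.access"},
     "github": {"repo": "example-org/website", "previous_visibility": "public", "visibility": "private"},
     "user": {"name": "bob"}},
    {"@timestamp": "2023-12-16T10:10:00Z", "event": {"dataset": "github.audit", "action": "repo.access"},
     "github": {"repo": "example-org/ops-scripts", "previous_visibility": "internal", "visibility": "public"},
     "user": {"name": "carol"}},
    {"@timestamp": "2023-12-16T10:15:00Z", "event": {"dataset": "github.audit", "action": "repo.create"},
     "github": {"repo": "example-org/new-lib", "visibility": "public"}, "user": {"name": "dave"}},
])


def get_field(event: dict, dotted: str):
    """Resolve a dotted field name such as 'github.visibility' against a nested dict."""
    cur = event
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def is_private_to_public(event: dict) -> bool:
    """Exactly the three conditions the rule description states."""
    return (get_field(event, "event.dataset") == "github.audit"
            and get_field(event, "github.previous_visibility") == "private"
            and get_field(event, "github.visibility") == "public")


def detect(jsonl: str) -> list:
    """Run the rule over JSON-lines input and return one alert per matching event."""
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the whole run
        if is_private_to_public(event):
            alerts.append({"timestamp": get_field(event, "@timestamp"),
                           "repo": get_field(event, "github.repo"),
                           "actor": get_field(event, "user.name"),
                           "severity": "low",
                           "techniques": ["T1020", "T1567", "T1567.001"]})
    return alerts
```

Note that an 'internal' to 'public' change (the third sample event) does not match, because the rule as described only tests for a previous visibility of 'private'; teams on GitHub Enterprise with internal repositories may want to widen that condition.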
Categories
- Cloud
Data Sources
- Cloud Service
- Application Log
ATT&CK Techniques
- T1020
- T1567
- T1567.001
Created: 2023-12-16