gu:who is an audit bot for the membership of your GitHub Organisation. It checks all users in your organisation, and raises a GitHub issue for anyone who doesn't meet the basic security requirements:
Your GitHub organisation must have a repo called 'people' (see gu-who-demo-org/people for an example) where gu:who can have an audit trail for who's meant to be in this organisation - and a place to open issues for security-problem users. For security purposes, we recommend this be a 'private' repo, as all the (potentially vulnerable) members of your org will be visible in it's issues.