What is gu:who?

gu:who is an audit bot for the membership of your GitHub Organisation. It checks all users in your organisation, and raises a GitHub issue for anyone who doesn't meet the basic security requirements:

• Two-Factor-Authentication enabled (requires owner privileges)
• a Full Name in their GitHub profile - helping you identify users you can't identify by username alone
• Sponsor - a more senior member of staff adds the user to the users.txt file, taking responsibility via git-blame for the user being in the organisation

Prerequisites

Your GitHub organisation must have a repo called 'people' (see gu-who-demo-org/people for an example) where gu:who can have an audit trail for who's meant to be in this organisation - and a place to open issues for security-problem users. For security purposes, we recommend this be a 'private' repo, as all the (potentially vulnerable) members of your org will be visible in it's issues.