CODEWITHSUNDEEP
gitgithub
Nadine
Nadine

Reputation: 787

Can one track github pulls?

Is there a way to see if someone performs a git pull from a repository on GitHub? Or is this not recorded anywhere? I'm interested because a developer who is 'supposed' to not be working on the project knows a lot about it.

And yes, we can just remove them. But I'm interested to know if they have abused the trust and NDA agreement they have signed.

Upvotes: 2

Views: 2252

Answers (1)

Dietrich Epp
Dietrich Epp

Reputation: 213258

There are a lot of ways you can get source code from GitHub.

  1. Pull over HTTPS.

  2. Pull over SSH.

  3. Pull over the Git protocol.

  4. Download snapshots.

  5. Browse through the web interface.

Presumably, you have a private repository otherwise this whole thing is nonsense. Therefore you must be paying GitHub money, and therefore you should send an email to support (or open a ticket, or whatever). I don't know what kind of logs GitHub keeps.

However,

It is very suspicious that you use the phrase "abused the trust and NDA agreement".

  1. An NDA does not prevent someone from reading proprietary source code. That is not the function of an NDA. The purpose of an NDA is to prevent someone from revealing information about it. Hence the term, "non-disclosure agreement". So, the NDA should be irrelevant.

  2. About the phrase, "abused the trust". Is the developer prohibited from reading the source code to this repository?

    • How have you communicated this to the developer? Have you told the developer in person or in writing that they are prohibited from accessing this source code?

    • Have you talked to the developer? Does the developer admit to/deny accessing the source code?

    • Is it possible that the developer learned everything by chatting with other developers by the water cooler?

    "Trust" is such a vague term. I don't know if you "trust" the developer to follow the rules in the employee handbook or if you "trust" the developer to just "do the right thing". You could be trying to solve a personnel problem with a technical solution (don't do that) or you could just be trying to get evidence that the developer broke the rules (which is fine).

Upvotes: 6

Related Questions