The company behind one of the most important open source projects in the world is providing a new way to use its framework for IAM (identity and access management) this week.

GitHub is making available a new IAM (identity and access management) tool, dubbed Entitlements, which leverages the company’s own Git framework to parse, track and approve access to a business’ systems.

The basic idea of Entitlements is to use a dedicated Git repository as a centralized clearinghouse for identity management data, and to use pull requests to make any changes: new approvals, reverifications and any other changes can be made to a given repository for a given system.

The use of metadata tags also allows administrators to be granular in how they manage access to their systems: approvals dating back long enough can be subjected to mandatory reverification, differently tagged users can be granted different rights and privileges, and so on. Moreover, the use of Git provides a detailed audit log for the whole process, letting administrators track, for example, who requested what access and when, when it was granted, and by whom. Detailed lists of groups, organized by manager, region, access level and more, are also available for better auditing.

GitHub has been using the Entitlements system internally for “years,” according to the company’s official blog post announcing that Entitlements has gone open source. The system can be used on any Git repository, but using it with GitHub.com directly allows for more functionality, like the use of cron jobs to automate review and auditing tasks, or the use of a business data “source-of-truth” to push updates from an org chart to the Entitlements framework. Moreover, GitHub said, like any good open source project, Entitlements is constantly being improved and iterated upon.

“GitHub uses Entitlements every day, averaging around 2,000 commits per month,” the company said in the blog post.
“We’re constantly shipping improvements to the app and exploring ways to make it even easier to use. We want to enable others to use what we’ve built for their own IAM needs.”

More information about the Entitlements system is available at the app’s repo, and example configurations and workflows are available at the config repo here. GitHub also open sourced two output plugins for Entitlements, one to manage GitHub Orgs and Team memberships, and another that allows organizations to create robust audit logs.