DOS5600

Branch Protection Rules - Protect your most important branches

DOS5600

GitHub repository critical builtIn

Description

Protect your most important branches by setting branch protection rules. You can enforce certain workflows or requirements before a collaborator can push changes to a branch in your repository, including merging a pull request into the branch, by creating a branch protection rule. Learn more: https://docs.github.com/en/enterprise-cloud@latest/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches https://docs.github.com/en/enterprise-cloud@latest/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule

Recommendation

1. Go to your Repository Settings. 
2. In the 'Code and automation' section of the sidebar, select 'Branches' section. 
3. Click on 'Add branch protection rule' button. 
4. Follow the steps to protect your most important branches.

Policy Rule

{
  "target": "GHBranchProtectionRules",
  "if": {
    "allOf": [
      {
        "resource": "GHBranchProtectionRules",
        "property": "BranchProtectionRules.TotalCount",
        "operator": "greaterThan",
        "value": 0
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS5575 DOS6010 »
Rule Details
  • Rule ID: DOS5600
  • Code: GH_Repository_BranchProtectionRules_Protect_Your_Most_Important_Branches
  • Platform: GitHub
  • Category: repository
  • Severity: critical
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions