GitLab repository | Severity: low | builtIn

Description

Protected branches should target a meaningful branch name (main, master, release/*, prod*, live*) — not arbitrary feature branches. The match operator uses the regex pattern from the GL_POLICY_VAR_PROJECT_PROTECTED_BRANCH_PATTERNS library variable. Protecting feature/experimental branches inflates inventory and dilutes the meaning of branch protection.

Recommendation

1. Go to project Settings > Repository > Protected branches. 
2. Remove protection from non-essential branches (feature/*, experiment/*, etc.). 
3. Keep protection on main, master (legacy), release/*, prod*, live* branches.

Policy Rule

{
  "target": "GLProtectedBranch",
  "if": {
    "allOf": [
      {
        "resource": "GLProtectedBranch",
        "property": "Name",
        "operator": "match",
        "value": "(main|master|protected|release|live|prod|prd)"
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
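
The following is an added example, not part of the policy library: it applies the rule's pattern to a list of protected branch names and reports which ones to review for removal, treating a match as compliant as the description implies. Assumptions: the sample data is constructed and only shaped like the GitLab protected branches API response, the engine's `match` operator is modelled as an unanchored regex search, and `ANCHORED_PATTERN` is a hypothetical stricter variant shown for comparison.

```python
import json
import re

# Pattern copied from the "value" field of the policy rule above.
POLICY_PATTERN = r"(main|master|protected|release|live|prod|prd)"
# Hypothetical stricter variant (assumption): name must start with an approved prefix.
ANCHORED_PATTERN = r"^(main|master|protected|release|live|prod|prd)"

# Constructed sample, shaped like GET /projects/:id/protected_branches output.
SAMPLE_RESPONSE = json.loads("""
[
  {"id": 1, "name": "main"},
  {"id": 2, "name": "release/*"},
  {"id": 3, "name": "prod-eu"},
  {"id": 4, "name": "feature/login-form"},
  {"id": 5, "name": "experiment/*"},
  {"id": 6, "name": "feature/prod-hotfix"}
]
""")


def audit(protected_branches, pattern):
    """Split protected branch names into (compliant, flagged) lists.

    Uses re.search, i.e. the pattern may match anywhere in the name
    (assumed semantics of the policy engine's "match" operator).
    """
    rx = re.compile(pattern)
    compliant, flagged = [], []
    for entry in protected_branches:
        name = entry["name"]
        (compliant if rx.search(name) else flagged).append(name)
    return compliant, flagged


if __name__ == "__main__":
    for label, pattern in (("policy pattern", POLICY_PATTERN),
                           ("anchored variant", ANCHORED_PATTERN)):
        keep, review = audit(SAMPLE_RESPONSE, pattern)
        print(f"{label}: keep={keep} review={review}")
```

With an unanchored search, `feature/prod-hotfix` passes the audit because it contains `prod`; the anchored variant flags it along with the other feature and experiment branches.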