GitLab project | Severity: medium | builtIn

Description

CI pipelines anchor to the project's default branch for scheduled and manual runs. A project with an empty DefaultBranch (no commits to any branch, or repository corruption) cannot run scheduled CI, and its merge requests cannot resolve a target. This rule is a CI-readiness pre-flight check.

Recommendation

1. If the project is empty (DOS6033 fires too), push an initial commit to establish a default branch. 
2. Otherwise, go to Settings > Repository > Default branch and explicitly set one of the existing branches as default.

Policy Rule

{
  "target": "GLProject",
  "if": {
    "allOf": [
      {
        "resource": "GLProject",
        "property": "DefaultBranch",
        "operator": "notEquals",
        "value": ""
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
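
The same pre-flight check, run outside the policy engine against project records, as an added example (not part of the rule's own implementation). It assumes the rule's DefaultBranch property corresponds to the `default_branch` field of the GitLab projects API and uses the API's `empty_repo` flag to choose between the two recommendations; the project records are constructed, and a null or missing value is treated the same as an empty string.

```python
import json

# Constructed sample shaped like GitLab's GET /api/v4/projects response
# (only the fields this check reads); these are not real projects.
SAMPLE_PROJECTS = json.loads("""
[
  {"id": 101, "path_with_namespace": "acme/payments", "default_branch": "main", "empty_repo": false},
  {"id": 102, "path_with_namespace": "acme/new-service", "default_branch": null, "empty_repo": true},
  {"id": 103, "path_with_namespace": "acme/legacy-import", "default_branch": "", "empty_repo": false},
  {"id": 104, "path_with_namespace": "acme/docs", "empty_repo": false}
]
""")


def triage(project):
    """Return (status, remediation) for one project record."""
    # Missing, null, empty and whitespace-only values all count as
    # "no default branch" (assumption: the rule intends the same).
    branch = (project.get("default_branch") or "").strip()
    if branch:
        return ("pass", None)
    if project.get("empty_repo"):
        # Recommendation 1: nothing has been pushed yet.
        return ("fail", "push an initial commit to establish a default branch")
    # Recommendation 2: branches exist but none is marked default.
    return ("fail", "set an existing branch as default in "
                    "Settings > Repository > Default branch")


def preflight(projects):
    """Map each failing project path to its remediation step."""
    findings = {}
    for project in projects:
        status, fix = triage(project)
        if status == "fail":
            findings[project["path_with_namespace"]] = fix
    return findings


if __name__ == "__main__":
    for path, fix in preflight(SAMPLE_PROJECTS).items():
        print(f"{path}: no default branch -> {fix}")
```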