
Ensure at least two approving reviews for PRs

Description

This policy checks if at least two approving reviews are required for pull requests (PRs) in Azure DevOps. Requiring multiple approvals ensures that code changes are thoroughly reviewed, reducing the risk of introducing security vulnerabilities or bugs. This rule is important because it helps prevent single points of failure and enforces a collaborative review process. By having multiple reviewers, the likelihood of detecting and addressing security issues before they reach production increases.

Code Example

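```terraform
resource "azuredevops_branch_policy_min_reviewers" "example" {
  project_id = azuredevops_project.example.id
  settings {
    # Require at least two approving reviews before a PR can complete.
    reviewer_count = 2

    # The repository is bound to the policy through the scope block.
    scope {
      repository_id  = azuredevops_git_repository.example.id
      repository_ref = azuredevops_git_repository.example.default_branch
      match_type     = "Exact"
    }
  }
}
```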

Remediation

Configure the branch policy to require at least two approving reviews for PRs.
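
The following added example (not Checkov's implementation and not part of the original rule page) applies the same two-reviewer threshold to the JSON produced by `terraform show -json`, so the remediation can be verified before apply. The sample plan is constructed, and treating `enabled = false` or `blocking = false` as a finding is an assumption that goes beyond what this rule checks.

```python
import json

RESOURCE_TYPE = "azuredevops_branch_policy_min_reviewers"
MIN_REVIEWERS = 2

# Constructed sample in the shape of `terraform show -json` output (not a real project).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azuredevops_branch_policy_min_reviewers.ok", "type": "azuredevops_branch_policy_min_reviewers",
     "values": {"enabled": true, "blocking": true, "settings": [{"reviewer_count": 2}]}},
    {"address": "azuredevops_branch_policy_min_reviewers.single", "type": "azuredevops_branch_policy_min_reviewers",
     "values": {"enabled": true, "blocking": true, "settings": [{"reviewer_count": 1}]}},
    {"address": "azuredevops_branch_policy_min_reviewers.advisory", "type": "azuredevops_branch_policy_min_reviewers",
     "values": {"enabled": true, "blocking": false, "settings": [{"reviewer_count": 3}]}}
  ],
  "child_modules": [{"address": "module.repos", "resources": [
    {"address": "module.repos.azuredevops_branch_policy_min_reviewers.nested", "type": "azuredevops_branch_policy_min_reviewers",
     "values": {"enabled": true, "blocking": true, "settings": [{"reviewer_count": 1}]}}
  ]}]
}}}
""")


def iter_resources(module):
    """Yield resources from a module and from every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_weak_policies(plan):
    """Return {address: reason} for reviewer policies that do not enforce two approvals."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        values = res.get("values", {})
        settings = (values.get("settings") or [{}])[0]
        count = settings.get("reviewer_count")
        # A missing or unknown count is reported rather than assumed compliant.
        if not isinstance(count, int) or count < MIN_REVIEWERS:
            findings[res["address"]] = f"reviewer_count is {count}, need >= {MIN_REVIEWERS}"
        # Assumption beyond this rule: a disabled or non-blocking policy enforces nothing.
        elif values.get("enabled") is False or values.get("blocking") is False:
            findings[res["address"]] = "policy is disabled or non-blocking"
    return findings
```

Calling `find_weak_policies(SAMPLE_PLAN)` reports the `single`, `advisory` and nested module policies and leaves `ok` out of the result.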

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0000 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | azuredevops_branch_policy_min_reviewers, azuredevops_git_repository |
| Checkov ID | CKV2_ADO_1 |
