GitHub merge requests should require at least 2 approvals
Description
In GitHub, repository administrators can require that all pull requests receive a specific number of approving reviews before someone merges the pull request into a protected branch. It is also possible to require approving reviews from people with write permissions in the repository or from a designated code owner. If a collaborator attempts to merge a pull request with pending or rejected reviews into the protected branch, the collaborator will receive an error message.
Code Example
```hcl
resource "github_branch_protection_v3" "example" {
  ...
  required_pull_request_reviews {
    ...
  }
}
```
Remediation
Terraform
- Resource: github_branch_protection, github_branch_protection_v3
- Attribute: required_approving_review_count
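The remediation above in full, as an added example that is not the page's own code and not taken from Checkov or the Terraform GitHub provider: the first rule leaves the approval count at one and fails this policy, the second sets `required_approving_review_count = 2` on the same `github_branch_protection_v3` resource, and the third expresses the same policy with the newer `github_branch_protection` resource, which is keyed by repository node ID and a branch name pattern instead of a branch name. The `github_repository` resource and the names `example`, `weak`, `hardened` and `hardened_v4` are assumptions; the three rules target the same branch so they can be compared side by side in a scan, not applied together.

```hcl
# Added example, not from the original page. The repository name is an assumption.
resource "github_repository" "example" {
  name       = "example-service"
  visibility = "private"
}

# Fails the policy: a single approving review is enough to merge into main.
resource "github_branch_protection_v3" "weak" {
  repository = github_repository.example.name
  branch     = "main"

  required_pull_request_reviews {
    required_approving_review_count = 1
  }
}

# Passes the policy: two approving reviews are required. A new push dismisses
# stale approvals so reviewers re-check the final state, and a code owner must
# be among the approvers.
resource "github_branch_protection_v3" "hardened" {
  repository = github_repository.example.name
  branch     = "main"

  required_pull_request_reviews {
    required_approving_review_count = 2
    dismiss_stale_reviews           = true
    require_code_owner_reviews      = true
  }
}

# Same policy on the newer github_branch_protection resource: repository_id is
# the repository node ID and pattern selects the branches the rule covers.
resource "github_branch_protection" "hardened_v4" {
  repository_id = github_repository.example.node_id
  pattern       = "main"

  required_pull_request_reviews {
    required_approving_review_count = 2
    dismiss_stale_reviews           = true
    require_code_owner_reviews      = true
  }
}
```

A rule only protects the branch or pattern it names; any branch without a matching rule can still be merged into with no approvals, so audit the patterns together with the review count.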
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1043 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | VCS |
| Checkov ID | CKV_GITHUB_5 |