Ensure GitHub branch protection rules require linear history
Description
This policy checks whether GitHub branch protection rules require a linear history. With the setting enabled, merge commits cannot be pushed to the protected branch, so every commit on the branch is directly linked to a single parent commit. Enforcing a strict commit history helps prevent malicious or unauthorized changes to the codebase, and it makes it easier for developers to track changes and identify potential security vulnerabilities. It also helps to prevent rebase attacks and protects the integrity of the codebase.
Code Example
github
Go to Repository Settings > Branches > Branch protection rules > Edit > Require linear history
Remediation
Enable the 'Require linear history' option in the GitHub branch protection rules to ensure that all commits are directly linked to their parent commits.
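To confirm the setting after remediation, the same check can be run against branch protection data from GitHub's REST API. The following is an added example, not Checkov's own implementation: it assumes response bodies shaped like those of `GET /repos/{owner}/{repo}/branches/{branch}/protection`, and the repository names and sample bodies are constructed.

```python
import json

# Constructed sample bodies, shaped like responses from
# GET /repos/{owner}/{repo}/branches/{branch}/protection.
# Repository names are hypothetical.
SAMPLE_RESPONSES = {
    "example-org/api:main": '{"required_linear_history": {"enabled": true}, '
                            '"enforce_admins": {"enabled": true}}',
    "example-org/web:main": '{"required_linear_history": {"enabled": false}}',
    "example-org/docs:main": '{"message": "Branch not protected"}',
    "example-org/cli:main": '{"enforce_admins": {"enabled": false}}',
}


def check_linear_history(body):
    """Return (passed, reason) for one branch-protection response body."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return False, "response is not valid JSON"
    if not isinstance(doc, dict):
        return False, "unexpected response shape"
    if "message" in doc and "required_linear_history" not in doc:
        # Error body, e.g. the branch has no protection rule at all.
        return False, "no protection rule readable: " + str(doc["message"])
    setting = doc.get("required_linear_history")
    if not isinstance(setting, dict):
        return False, "required_linear_history missing from rule"
    if setting.get("enabled") is True:
        return True, "linear history required"
    return False, "required_linear_history is disabled"


def audit(responses):
    """Evaluate every branch and return {name: (passed, reason)}."""
    return {name: check_linear_history(body) for name, body in responses.items()}


def failing_branches(responses):
    """Names of branches that do not enforce linear history, sorted."""
    return sorted(n for n, (ok, _) in audit(responses).items() if not ok)


if __name__ == "__main__":
    for name, (ok, reason) in sorted(audit(SAMPLE_RESPONSES).items()):
        print(("PASS" if ok else "FAIL"), name, "-", reason)
```

A branch with no protection rule fails the check just as one with the option switched off does, so unprotected branches are not silently skipped.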
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1046 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_8 |