Ensure branch protection rules are enforced on administrators
Description
This policy checks whether branch protection rules are enforced on administrators in GitHub repositories. Enforcing these rules on administrators ensures that even privileged users cannot bypass security controls, reducing the risk of unauthorized changes to the codebase. This is important because administrators may unintentionally introduce vulnerabilities or make changes that compromise the security of the repository. By enforcing branch protection rules on administrators, organizations can maintain a consistent and secure development workflow.
Code Example
github
In the GitHub repository settings, navigate to 'Branches' and select the branch you want to protect. Under 'Branch permissions', check the box next to 'Include administrators' to enforce branch protection rules on administrators.
Remediation
Enable branch protection rules for administrators in the GitHub repository settings.
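To confirm the setting took effect, the check can be run against branch protection data. The following is an added example, not Checkov's implementation or code from this page: it evaluates the `enforce_admins` field of GitHub's REST branch protection API, which is an object with an `enabled` flag in responses and a bare boolean in request bodies. All payloads and the `example-org/example-repo` name are constructed.

```python
import json

# Constructed payloads shaped like GitHub REST branch-protection data; not real repositories.
SAMPLES = {
    # Response shape (GET .../branches/main/protection): enforce_admins is an object
    "get_enforced": '{"enforce_admins": {"url": "https://api.github.com/repos/example-org/example-repo/branches/main/protection/enforce_admins", "enabled": true}}',
    "get_not_enforced": '{"enforce_admins": {"enabled": false}, "required_pull_request_reviews": {"required_approving_review_count": 1}}',
    # Request-body / configuration shape: enforce_admins is a bare boolean or null
    "put_enforced": '{"enforce_admins": true}',
    "put_null": '{"enforce_admins": null}',
    # Error body for a branch that has no protection rule at all
    "unprotected": '{"message": "Branch not protected"}',
}


def admins_enforced(protection):
    """Return (passed, reason) for one branch-protection document."""
    if not isinstance(protection, dict) or "enforce_admins" not in protection:
        return False, "no enforce_admins setting; branch is unprotected or rule is incomplete"
    value = protection["enforce_admins"]
    if isinstance(value, dict):  # response shape: {"url": ..., "enabled": bool}
        value = value.get("enabled")
    if value is True:  # strict check: strings such as "true" do not count
        return True, "rules apply to administrators"
    return False, "administrators can bypass the branch protection rules"


def audit(samples):
    """Evaluate every named JSON document and return {name: passed}."""
    results = {}
    for name, raw in samples.items():
        passed, reason = admins_enforced(json.loads(raw))
        results[name] = passed
        print(f"{'PASS' if passed else 'FAIL'}  {name}: {reason}")
    return results


if __name__ == "__main__":
    audit(SAMPLES)
```

An unprotected branch is reported as a failure rather than skipped, since a branch with no rule gives administrators nothing to be bound by.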
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1048 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_10 |