Ensure GitHub branch protection requires CODEOWNER reviews
Description
This policy checks whether GitHub branch protection requires CODEOWNER reviews for pull requests. Requiring CODEOWNER reviews ensures that changes to the codebase are reviewed and approved by the designated code owners, reducing the risk of unauthorized or malicious changes. This is particularly important for critical branches, such as main or master, where changes can have significant impacts on the project. By enforcing CODEOWNER reviews, teams can maintain the integrity and security of their codebase.
Code Example
```hcl
required_pull_request_reviews {
  require_code_owner_reviews = true
}
```
Remediation
Enable the 'Require code owner reviews' option in the GitHub branch protection settings.
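The condition this rule evaluates, written out as an added example (not the rule page's or Checkov's own code): it walks branch-protection objects in the shape returned by the GitHub REST API (`GET /repos/{owner}/{repo}/branches/{branch}/protection`) and treats an absent `required_pull_request_reviews` block, or a missing or non-boolean `require_code_owner_reviews` key, as a failure. The sample data is constructed.

```python
"""Added example: evaluate the 'require CODEOWNER reviews' condition over
GitHub branch-protection JSON. Not part of the rule page or of Checkov."""
import json

# Constructed sample: branch protection as the GitHub API would return it
# for three branches. Only fields relevant to this rule are included.
SAMPLE_PROTECTION = {
    "main": {
        "required_pull_request_reviews": {
            "require_code_owner_reviews": True,
            "required_approving_review_count": 2,
        }
    },
    "release": {
        "required_pull_request_reviews": {
            "require_code_owner_reviews": False,
            "required_approving_review_count": 1,
        }
    },
    # Protection exists but pull request reviews are not required at all,
    # so the nested block is absent entirely.
    "develop": {"enforce_admins": {"enabled": True}},
}


def requires_codeowner_reviews(protection: dict) -> bool:
    """True only when the protection explicitly requires CODEOWNER reviews.

    A missing block, a missing key, or a non-boolean value (for example the
    string "true") is reported as a failure: a policy check should never
    pass on ambiguous configuration.
    """
    reviews = protection.get("required_pull_request_reviews")
    if not isinstance(reviews, dict):
        return False
    return reviews.get("require_code_owner_reviews") is True


def evaluate(branches: dict) -> dict:
    """Map each branch name to 'PASSED' or 'FAILED', Checkov-style."""
    return {
        name: "PASSED" if requires_codeowner_reviews(cfg) else "FAILED"
        for name, cfg in branches.items()
    }


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_PROTECTION), indent=2))
```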
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1051 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_13 |