
Ensure GitHub branch protection requires conversation resolution

Description

This policy checks whether GitHub branch protection requires conversation resolution, meaning that all conversations on a pull request must be resolved before it can be merged. Without this requirement, unresolved conversations can be overlooked, which can lead to security vulnerabilities or bugs in the code. Requiring conversation resolution ensures that all issues are addressed before code is merged into a protected branch, which helps maintain code quality and security.

Code Example

github
In the GitHub repository settings, navigate to 'Branches' and edit the branch protection rule. Under 'Merge checks', select 'Require conversation resolution' and save the changes.

Remediation

Enable the 'Require conversation resolution' setting for the branch protection rule in GitHub.
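
To verify the setting outside the UI, the following added example (not part of the original page and not Checkov's implementation) audits branch protection payloads in the shape returned by GitHub's REST API endpoint `GET /repos/{owner}/{repo}/branches/{branch}/protection`, where the setting appears as `required_conversation_resolution.enabled`. The sample payloads are constructed, and treating a branch with no protection rule as a failure is an assumption of this example.

```python
# Added example: offline audit of branch protection payloads.
# SAMPLE is constructed data. Each value mimics the JSON body of
# GET /repos/{owner}/{repo}/branches/{branch}/protection;
# None stands for a branch with no protection rule (the API answers 404).
SAMPLE = {
    "main": {"required_conversation_resolution": {"enabled": True}},
    "release": {"required_conversation_resolution": {"enabled": False}},
    "legacy": {"enforce_admins": {"enabled": False}},  # setting absent
    "dev": None,
}


def check_branch(protection):
    """Return (status, reason) for one branch protection payload."""
    if protection is None:
        # Assumption of this example: an unprotected branch fails the check.
        return "FAILED", "no branch protection rule"
    setting = protection.get("required_conversation_resolution")
    if not isinstance(setting, dict) or "enabled" not in setting:
        return "FAILED", "required_conversation_resolution missing from rule"
    # Only a real boolean true passes; strings such as "true" do not.
    if setting["enabled"] is True:
        return "PASSED", "conversation resolution required"
    return "FAILED", "required_conversation_resolution.enabled is not true"


def audit(protections):
    """Map each branch name to its (status, reason), in sorted order."""
    return {b: check_branch(p) for b, p in sorted(protections.items())}


def failing(protections):
    """List the branches that still need the setting enabled."""
    return [b for b, (s, _) in audit(protections).items() if s == "FAILED"]


if __name__ == "__main__":
    for branch, (status, reason) in audit(SAMPLE).items():
        print(f"{status:6} {branch}: {reason}")
```
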

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-1054 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_16 |
