Ensure GitHub branch protection rules does not allow deletions
Description
This policy checks whether GitHub branch protection rules allow deletions. Allowing branch deletions can lead to accidental or intentional loss of code and history, which can be detrimental to a project. Disallowing branch deletions ensures that the codebase remains intact and that any changes are properly reviewed and managed. It is essential to enforce this rule to maintain the integrity and security of the codebase.
Code Example
github
```
PUT /repos/{owner}/{repo}/branches/{branch}/protection
{
  "allow_deletions": false
}
```
Remediation
Update the GitHub branch protection rules to disallow deletions.
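To confirm the setting after remediation, the following added example (not part of the original policy page and not Checkov's own code) classifies branch protection JSON per branch. It accepts both the boolean form shown in the request body above and the `{"enabled": ...}` object form returned when reading branch protection. The sample data is constructed, and treating an unprotected branch as failing and a missing field as UNKNOWN are assumptions of this sketch.

```python
import json

# Constructed sample data: branch name -> branch protection JSON.
# null means the branch has no protection rule at all.
SAMPLE = json.loads("""
{
  "main":          {"enforce_admins": {"enabled": true},
                    "allow_deletions": {"enabled": false}},
  "release":       {"allow_deletions": {"enabled": true}},
  "legacy":        {"enforce_admins": {"enabled": false}},
  "request-shape": {"allow_deletions": false},
  "dev":           null
}
""")


def check_allow_deletions(protection):
    """Classify one branch's protection settings as PASS, FAIL or UNKNOWN."""
    if protection is None:
        # Assumption: an unprotected branch can be deleted, so it fails.
        return "FAIL"
    value = protection.get("allow_deletions")
    if isinstance(value, dict):
        # Object form: {"enabled": true|false}
        value = value.get("enabled")
    if value is False:
        return "PASS"
    if value is True:
        return "FAIL"
    # Field missing or of an unexpected type: flag for manual review.
    return "UNKNOWN"


def audit(protections):
    """Return {branch: result} for every branch, sorted by branch name."""
    return {b: check_allow_deletions(p) for b, p in sorted(protections.items())}


def failing_branches(protections):
    """Branches that need remediation or manual review."""
    return [b for b, r in audit(protections).items() if r != "PASS"]


if __name__ == "__main__":
    for branch, result in audit(SAMPLE).items():
        print(f"{branch:15} {result}")
```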
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1056 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_18 |