Ensure open git branches are up to date before they can be merged into codebase
Description
This policy checks whether a GitHub branch protection rule requires an open branch to be up to date with its base before it can be merged into the codebase. This matters because a stale branch can pass its own checks yet still merge cleanly with code it was never tested against, which can introduce bugs, security vulnerabilities, or inconsistencies. By requiring updated branches, developers ensure that their code is built and tested on the latest version of the codebase, reducing the risk of errors and improving overall code quality. This rule is particularly relevant in collaborative development environments where multiple contributors work on the same codebase.
Code Example
github
In the GitHub repository settings, navigate to 'Branches' and edit the branch permissions. Under 'Merge checks', select 'Require status checks to pass before merging' and set it to 'Required'.
Remediation
Enable the 'Require status checks to pass before merging' option and set it to 'Required' for the repository's branch permissions.
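The setting described above is exposed by GitHub's REST API as the `strict` flag inside `required_status_checks` on the branch protection resource (`GET`/`PUT /repos/{owner}/{repo}/branches/{branch}/protection`); in the web UI that flag is the 'Require branches to be up to date before merging' sub-option under 'Require status checks to pass before merging'. The following is an added example, not Checkov's own implementation of CKV_GITHUB_20 and not part of the original page: it evaluates constructed branch-protection documents in the shape the API returns, reports PASSED/FAILED the way a scanner would, and produces a hardened document suitable for sending back with `PUT`. Treating `required_status_checks.strict` as the exact attribute the policy inspects is an assumption.

```python
import copy
import json

# Constructed sample documents in the shape of GitHub's branch protection
# resource (GET /repos/{owner}/{repo}/branches/{branch}/protection).
# They are illustrative only, not captured from a real repository.
WEAK_PROTECTION = {
    # Status checks must pass, but the branch may be stale: strict is False.
    "required_status_checks": {"strict": False, "contexts": ["ci/build"]},
    "enforce_admins": {"enabled": True},
    "required_pull_request_reviews": {"required_approving_review_count": 1},
}

HARDENED_PROTECTION = {
    # strict True: the branch must contain the base branch's latest commit.
    "required_status_checks": {"strict": True, "contexts": ["ci/build"]},
    "enforce_admins": {"enabled": True},
    "required_pull_request_reviews": {"required_approving_review_count": 1},
}

NO_STATUS_CHECKS = {
    # No status checks configured at all, so nothing forces an update.
    "enforce_admins": {"enabled": True},
}


def branch_requires_up_to_date(protection: dict) -> bool:
    """Return True only when status checks are required AND strict is set.

    Both conditions are needed: 'strict' is meaningless without a
    required_status_checks block, and an absent block means a stale branch
    can be merged as long as reviews (if any) are satisfied.
    """
    checks = protection.get("required_status_checks")
    if not isinstance(checks, dict):
        return False
    return checks.get("strict") is True


def evaluate(protection: dict) -> str:
    """Scanner-style verdict for one branch protection document."""
    return "PASSED" if branch_requires_up_to_date(protection) else "FAILED"


def evaluate_json_text(text: str) -> str:
    """Same verdict, starting from the raw JSON body the API returns."""
    return evaluate(json.loads(text))


def harden(protection: dict, contexts=None) -> dict:
    """Return a copy with strict status checks enabled.

    Existing check contexts are preserved; if no status checks were
    configured, a block is created with the caller-supplied contexts so the
    document is valid input for PUT .../branches/{branch}/protection.
    The input is not mutated.
    """
    hardened = copy.deepcopy(protection)
    checks = hardened.get("required_status_checks")
    if not isinstance(checks, dict):
        checks = {"contexts": list(contexts or [])}
    checks["strict"] = True
    hardened["required_status_checks"] = checks
    return hardened


if __name__ == "__main__":
    samples = {
        "weak": WEAK_PROTECTION,
        "hardened": HARDENED_PROTECTION,
        "no-status-checks": NO_STATUS_CHECKS,
    }
    for name, doc in samples.items():
        print(f"{name:18} {evaluate(doc)}")
    print(json.dumps(harden(WEAK_PROTECTION), indent=2))
```

Running the block prints FAILED for the weak and no-status-checks samples and PASSED for the hardened one, then the hardened form of the weak document with `"strict": true` and the original `contexts` kept intact, which is the body you would send with `PUT` to remediate.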
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1058 |
| Severity | MEDIUM |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_20 |