GitLab branch protection rules defined in Terraform allow force push
Description
Force pushing to a Git branch rewrites the existing history on that branch. Commits that are no longer reachable from the branch head can be lost for good once they are garbage collected, and colleagues who have based work on the old history are left with diverged clones and merge conflicts. On a protected branch such as `main`, a force push can also silently drop reviewed changes or replace them with unreviewed ones, which defeats the purpose of protection. This policy ensures that GitLab branch protection rules managed in Terraform do not allow force pushes, thereby preserving the integrity of the branch history.
Code Example
```hcl
resource "gitlab_branch_protection" "example" {
  project = gitlab_project.example.id
  branch  = "main"
  # Disable force pushes to the protected branch
  allow_force_push = false
  # ... other branch protection settings ...
}
```
Remediation
Terraform
To adhere to this policy, set `allow_force_push = false` on every `gitlab_branch_protection` resource. The attribute defaults to `false` in the GitLab Terraform provider, so the check only fails when it is explicitly set to `true`; setting it explicitly nonetheless documents the intent and keeps the configuration independent of provider defaults. Apply the same setting to every long-lived branch you protect (release branches, for example), not only `main`.
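The following is an added example, not code from this page, from Checkov, or from the GitLab Terraform provider. It shows the kind of static check the policy describes, run over a constructed Terraform snippet containing a compliant resource, a non-compliant one, and one that relies on the provider default. The HCL "parser" is a deliberately small regex-based one that only understands flat `key = value` attributes inside top-level `resource` blocks; it is an assumption made for the example and does not handle nested blocks, heredocs, or expressions. Treating a non-literal value such as `var.allow_force_push` as a finding to review is also a design choice of this example, not Checkov's behaviour.

```python
"""Flag gitlab_branch_protection resources in Terraform that allow force pushes.

Stand-alone re-implementation of the idea behind CKV_GLB_2 (not Checkov's
code). The HCL parsing below is a minimal regex-based subset parser written
for this example: flat `key = value` attributes in top-level resource blocks.
"""
import re
from dataclasses import dataclass

# Top-level `resource "<type>" "<name>" { ... }` blocks; the body ends at the
# first `}` that starts a line, which is enough for the flat sample below.
RESOURCE_RE = re.compile(
    r'resource\s+"(?P<type>[^"]+)"\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)\n\}',
    re.DOTALL,
)
# Simple `key = value` attribute lines (comments are stripped beforehand).
ATTR_RE = re.compile(
    r'^\s*(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*(?P<val>[^\n]+?)\s*$',
    re.MULTILINE,
)


@dataclass
class Finding:
    resource: str   # e.g. "gitlab_branch_protection.main"
    passed: bool    # True when the resource complies with the policy
    reason: str


def _strip_comments(text):
    """Drop `# ...` line comments (example-only; ignores `#` inside strings)."""
    return re.sub(r'#[^\n]*', '', text)


def parse_resources(hcl):
    """Return [(type, name, {attr: raw_value}), ...] for top-level resources."""
    resources = []
    for m in RESOURCE_RE.finditer(_strip_comments(hcl)):
        attrs = {a.group('key'): a.group('val')
                 for a in ATTR_RE.finditer(m.group('body'))}
        resources.append((m.group('type'), m.group('name'), attrs))
    return resources


def check_force_push(hcl):
    """Evaluate every gitlab_branch_protection resource against the policy."""
    findings = []
    for rtype, name, attrs in parse_resources(hcl):
        if rtype != 'gitlab_branch_protection':
            continue
        rid = f'{rtype}.{name}'
        raw = attrs.get('allow_force_push')
        if raw is None:
            # Attribute omitted: the provider default is false, so this passes.
            findings.append(Finding(rid, True, 'allow_force_push not set (default false)'))
        elif raw.strip().lower() == 'false':
            findings.append(Finding(rid, True, 'allow_force_push = false'))
        elif raw.strip().lower() == 'true':
            findings.append(Finding(rid, False, 'allow_force_push = true'))
        else:
            # Variable or expression: cannot be evaluated statically here, so
            # report it for manual review (a choice made for this example).
            findings.append(Finding(rid, False, f'allow_force_push is non-literal: {raw.strip()}'))
    return findings


# Constructed sample input for the example: one compliant resource, one that
# explicitly allows force pushes, and one that relies on the provider default.
SAMPLE_TF = '''
resource "gitlab_branch_protection" "compliant" {
  project = gitlab_project.example.id
  branch  = "main"
  # Disable force pushes to the protected branch
  allow_force_push = false
}

resource "gitlab_branch_protection" "noncompliant" {
  project = gitlab_project.example.id
  branch  = "release"
  allow_force_push = true
}

resource "gitlab_branch_protection" "implicit_default" {
  project = gitlab_project.example.id
  branch  = "develop"
}

resource "gitlab_project" "example" {
  name = "example"
}
'''

if __name__ == '__main__':
    for f in check_force_push(SAMPLE_TF):
        print(f"{'PASS' if f.passed else 'FAIL'}  {f.resource}: {f.reason}")
```

Running the block prints one line per `gitlab_branch_protection` resource; only `noncompliant` fails. In a real pipeline you would run Checkov itself (`checkov -d . --check CKV_GLB_2`) rather than this toy scanner; the point here is to make visible which cases the policy distinguishes, including the attribute being omitted entirely.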
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1070 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GLB_2 |