GitLab project defined in Terraform does not require signed commits
Description
In GitLab, administrators can turn on the capability to require signed commits for a project. When you enable required commit signing on a branch, contributors and bots can only push commits that have been signed and verified to the branch. If a collaborator pushes an unsigned commit to a branch that requires commit signatures, the collaborator will need to rebase the commit to include a verified signature, then force push the rewritten commit to the branch.
Code Example
```hcl
resource "gitlab_project" "example-two" {
  ...
  push_rules {
    ...
+   reject_unsigned_commits = true
  }
}
```
Remediation
Terraform
- Resource: gitlab_project
- Attribute: prevent_secrets
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1072 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GLB_4 |