Protected Branches

This check verifies if the main branch is protected and if force push is disabled for default branches. The check passes if the main branch is protected and force push is disabled for default branches and the minimum permission level for access to the main and default branch is greater than or equal to the minimum threshold.

- type: PROTECTED_BRANCHES
  description: Checks if main branch is protected and if force push is disabled for default branches
  threshold:
    min: 40 # 0: no access; 30: Developer access; 40: Maintainer access; 60: Admin access

Background

Protected branches are an important feature of Git repositories that help maintain the integrity of the codebase. By protecting branches, you can prevent accidental changes, enforce code review policies, and ensure that only authorized users can change the codebase.

The main branch is often the default branch in a repository and serves as the primary branch for the project. Protecting the main branch ensures that only authorized users can push changes to it, reducing the risk of accidental changes or unauthorized modifications.

Force push is a Git operation that allows you to overwrite the history of a branch, potentially losing commits and making it difficult to track changes. Disabling force push for default branches helps maintain the integrity of the commit history and ensures that changes are tracked accurately.