Ensure branch protection rules are enforced for administrators

By default, the restrictions of a branch protection rule do not apply to people with admin permissions to the repository or custom roles with the "bypass branch protections" permission in a repository.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD022

REMEDIATION

To enforce branch protections for all admins and roles with the "Bypass branch protections" permission, enable "Do not allow bypassing the above settings" in your branch protection rules.

SaaS:

  1. On GitHub.com, navigate to the main page of the repository.
  2. Under your repository name, click Settings.
  3. In the Code and automation section of the sidebar, click Branches.
  4. Click on Branch protection rules. For each rule, check that "Do not allow bypassing the above settings" is enabled.
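
The same per-rule check can be scripted. The following is an added example, not part of the original rule text or of Spectral's tooling: it reads each rule's isAdminEnforced field from the GitHub GraphQL API and lists the rules that admins can still bypass. The owner and repository names are placeholders, the sample response is constructed, and it assumes the repository has at most 100 rules.

```python
import json
import os
import urllib.request

# GraphQL query listing every branch protection rule and its admin-enforcement flag.
QUERY = """
query($owner: String!, $name: String!) {
  repository(owner: $owner, name: $name) {
    branchProtectionRules(first: 100) {
      nodes { pattern isAdminEnforced }
    }
  }
}
"""

def fetch_rules(owner, name, token):
    """Fetch branch protection rules from the GitHub GraphQL API."""
    body = json.dumps({"query": QUERY, "variables": {"owner": owner, "name": name}})
    req = urllib.request.Request(
        "https://api.github.com/graphql",
        data=body.encode(),
        headers={"Authorization": f"bearer {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def bypassable_rules(response):
    """Return the patterns of rules that admins can still bypass.

    Raises ValueError when the repository is missing or has no rules,
    because an unprotected repository cannot pass this check either.
    """
    repo = (response.get("data") or {}).get("repository")
    if repo is None:
        raise ValueError("repository not found or token lacks access")
    nodes = repo["branchProtectionRules"]["nodes"]
    if not nodes:
        raise ValueError("no branch protection rules defined")
    return [n["pattern"] for n in nodes if not n.get("isAdminEnforced")]

# Constructed sample response (not real data): one compliant rule, one not.
SAMPLE = {"data": {"repository": {"branchProtectionRules": {"nodes": [
    {"pattern": "main", "isAdminEnforced": True},
    {"pattern": "release/*", "isAdminEnforced": False},
]}}}}

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # without a token, use the sample
    data = fetch_rules("example-org", "example-repo", token) if token else SAMPLE
    print("Rules admins can bypass:", bypassable_rules(data))
```

An empty list means every rule has the setting enabled; any pattern returned needs the remediation above.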

Read more: