Ensure inactive branches are periodically reviewed and removed

Git branches that have been inactive for a long time (i.e., no new changes introduced) enlarge the attack surface for malicious code injection, sensitive data leaks, and CI pipeline exploitation. They are likely to pin outdated dependencies, which may leave them highly vulnerable, and they are more likely to be improperly managed while remaining accessible to many members of the organization.

Risk Level: medium
Platform: GitHub
Spectral Rule ID: GH-HRD039

REMEDIATION

Remove the inactive branch.

SaaS:

  1. Go to https://github.com/<YOUR_ORGANIZATION_NAME>/<YOUR_REPO_NAME>/settings/branches.
  2. Delete the inactive branch in the 'Branch protection rules' section.
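To make the periodic review repeatable rather than a manual scan of the branches page, the following script flags branches whose last commit is older than a chosen threshold while skipping protected branches and the default branch. It is an added example, not part of the Spectral rule or of GitHub's tooling; it assumes branch metadata has already been fetched (for example from the GitHub REST API, whose branch objects carry a last-commit date) and flattened into the simple Branch records used here. The branch names and timestamps below are constructed sample data.

```python
"""Stale-branch review helper (added example; assumes pre-fetched branch metadata)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Branch:
    name: str
    last_commit: str       # ISO-8601 timestamp of the last commit, UTC
    protected: bool = False


# Constructed sample data, not real repository branches.
SAMPLE_BRANCHES = [
    Branch("main", "2024-05-30T10:00:00Z", protected=True),
    Branch("feature/login-rework", "2024-05-28T09:15:00Z"),
    Branch("hotfix/old-tls-config", "2023-01-12T16:40:00Z"),
    Branch("experiment/abandoned-poc", "2022-08-03T11:05:00Z"),
]


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; the trailing 'Z' is mapped to '+00:00'
    so the result is timezone-aware on every supported Python version."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def stale_branches(branches, now, max_age_days=90, keep=("main", "master")):
    """Return (name, age_in_days) for every branch with no commits in the last
    max_age_days, oldest first. Protected branches and the names in `keep`
    are never candidates, so the default branch cannot be reported."""
    cutoff = now - timedelta(days=max_age_days)
    result = []
    for b in branches:
        if b.protected or b.name in keep:
            continue
        last = parse_ts(b.last_commit)
        if last < cutoff:
            result.append((b.name, (now - last).days))
    return sorted(result, key=lambda item: item[1], reverse=True)


def report(branches, now, max_age_days=90):
    """Render the review result as a short human-readable table."""
    lines = [f"Branches with no commits in the last {max_age_days} days:"]
    for name, age in stale_branches(branches, now, max_age_days):
        lines.append(f"  {name:<32} {age:>5} days")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_BRANCHES, datetime.now(timezone.utc)))
```

The 90-day threshold is an assumed default; choose the value that matches the organization's branching cadence, and treat the output as a candidate list for review rather than a deletion order, since a branch may be intentionally long-lived.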

Read more: