Ensure the 'allow force push' setting is disabled.

A force push rewrites the history of a branch: a user with 'push' permission can replace the existing commits with their own, discarding work that has already been reviewed and merged. On a protected branch the 'Allowed to force push' toggle grants this ability to everyone who is allowed to push, so it should be turned off.

Risk Level: medium
Platform: Gitlab
Spectral Rule ID: GL-HRD009

REMEDIATION

The "force push" option lets users overwrite the existing history of a branch with their own commits.
This can cause both intentional and unintentional loss of committed work, and it allows code that was already reviewed to be silently replaced with malicious changes. Disabling the "force push" option on the protected branch stops users from rewriting the main branch, so every change has to land through a normal push or merge request and stays in the branch history. Note that the toggle only exists for protected branches: an unprotected branch can always be force-pushed by anyone with push access, so the default and release branches must be protected first.

To protect a branch and disable force push:

SaaS:

  1. On the top bar, select Menu > Projects and find your project.
  2. On the left sidebar, select Settings > Repository.
  3. Expand "Protected branches".
  4. From the Branch dropdown list, select the branch you want to protect.
  5. Select the needed settings from the Allowed to push and Allowed to merge lists.
  6. To disallow all users to force push, turn off the Allowed to force push toggle.
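The same check and fix can be applied through the GitLab REST API, which is the practical route when many projects must be audited for this rule. The following script is an added example and is not Spectral's or GitLab's own code. It uses the documented `GET /projects/:id/protected_branches` and `PATCH /projects/:id/protected_branches/:name` endpoints (the PATCH endpoint exists from GitLab 15.6), reads the token, project and instance URL from environment variables whose names are this example's own choice, and falls back to a constructed sample response so it runs offline.

```python
"""Audit GitLab protected branches for 'Allowed to force push' (GL-HRD009).

Added example, not Spectral's or GitLab's code. Endpoints used:
  GET   /api/v4/projects/:id/protected_branches
  PATCH /api/v4/projects/:id/protected_branches/:name   (GitLab 15.6+)
Environment variables GITLAB_TOKEN, GITLAB_PROJECT_ID and GITLAB_URL are
this example's own convention, not a GitLab one.
"""
import fnmatch
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample mirroring the shape of the GET response (not real data).
SAMPLE_PROTECTED_BRANCHES = [
    {"id": 1, "name": "main", "allow_force_push": False,
     "push_access_levels": [{"access_level": 40, "access_level_description": "Maintainers"}]},
    {"id": 2, "name": "release/*", "allow_force_push": True,
     "push_access_levels": [{"access_level": 30, "access_level_description": "Developers + Maintainers"}]},
    {"id": 3, "name": "legacy", "push_access_levels": []},  # field absent, as on old servers
]


def audit(protected, default_branch="main"):
    """Return (branch, reason) findings for a list of protected-branch rules.

    Fails closed: a rule that does not report allow_force_push is flagged for
    manual review, and an unprotected default branch is a finding because any
    user with push access can force-push a branch that is not protected at all.
    """
    findings = []
    for rule in protected:
        flag = rule.get("allow_force_push")
        if flag is True:
            findings.append((rule["name"], "allow_force_push is enabled"))
        elif flag is None:
            findings.append((rule["name"], "allow_force_push not reported; verify manually"))
    # Rule names may be wildcards such as release/*; GitLab matches them as globs.
    if not any(fnmatch.fnmatchcase(default_branch, rule["name"]) for rule in protected):
        findings.append((default_branch, "default branch is not protected"))
    return findings


def rule_path(project_id, branch_name=None):
    """Build the API path; both the project path and the rule name must be URL-encoded."""
    path = f"/projects/{urllib.parse.quote(str(project_id), safe='')}/protected_branches"
    if branch_name is not None:
        path += "/" + urllib.parse.quote(branch_name, safe="")
    return path


def api_request(base_url, token, method, path, data=None):
    """Minimal authenticated call against the GitLab v4 API."""
    url = f"{base_url.rstrip('/')}/api/v4{path}"
    body = json.dumps(data).encode() if data is not None else None
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("PRIVATE-TOKEN", token)
    if body is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_protected_branches(base_url, token, project_id):
    return api_request(base_url, token, "GET", rule_path(project_id))


def disable_force_push(base_url, token, project_id, branch_name):
    """Turn the 'Allowed to force push' toggle off on one protected-branch rule."""
    return api_request(base_url, token, "PATCH",
                       rule_path(project_id, branch_name), {"allow_force_push": False})


if __name__ == "__main__":
    token = os.environ.get("GITLAB_TOKEN")
    project = os.environ.get("GITLAB_PROJECT_ID")
    base = os.environ.get("GITLAB_URL", "https://gitlab.com")
    live = bool(token and project)
    rules = fetch_protected_branches(base, token, project) if live else SAMPLE_PROTECTED_BRANCHES
    findings = audit(rules)
    for branch, reason in findings:
        print(f"GL-HRD009 {branch}: {reason}")
        if live and "--fix" in sys.argv and reason == "allow_force_push is enabled":
            disable_force_push(base, token, project, branch)
            print(f"  fixed: force push disabled on {branch}")
    sys.exit(1 if findings else 0)
```

Run without credentials it audits the constructed sample; with `GITLAB_TOKEN` and `GITLAB_PROJECT_ID` set it audits the real project, and `--fix` additionally patches every rule that still allows force push. The default-branch check is there because the toggle is only meaningful once the branch is protected at all.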

Read more: