Control: 1.1.11 Ensure all open comments are resolved before allowing code change merging
Description
Organizations should enforce a "no open comments" policy before allowing code change merging.
Rationale
In an open code change proposal, reviewers can leave comments containing their questions and suggestions. These comments can also point out potential bugs and security issues. Requiring all comments on a code change proposal to be resolved before it can be merged ensures that every concern is properly addressed or acknowledged before the new code changes are introduced to the code base.
Note: Code change proposals containing open comments would not be able to be merged into the code base.
Audit
For every code repository in use, verify that each merged code change does not contain open, unattended comments.
Remediation
For each code repository in use, require open comments to be resolved before the relevant code change can be merged.
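An added example, not part of the Powerpipe mod or its named query, that applies the audit and remediation checks above to GitHub pull-request review threads. It assumes the `reviewThreads`, `isResolved` and `isOutdated` fields of the GitHub GraphQL API and runs on constructed sample data rather than live repositories.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ReviewThread:
    path: str          # file the review thread is attached to
    is_resolved: bool  # someone marked the thread resolved
    is_outdated: bool  # the commented lines changed in a later push

@dataclass
class PullRequest:
    repo: str
    number: int
    merged: bool
    threads: list = field(default_factory=list)

def parse_review_threads(data):
    """Convert the GraphQL `reviewThreads.nodes` shape into ReviewThread objects."""
    return [ReviewThread(n["path"], n["isResolved"], n["isOutdated"])
            for n in data["reviewThreads"]["nodes"]]

def open_threads(pr, outdated_counts_as_open=True):
    """Threads that still block the merge: unresolved ones.
    An outdated thread is still unresolved, so it counts as open unless policy says otherwise."""
    return [t for t in pr.threads
            if not t.is_resolved and (outdated_counts_as_open or not t.is_outdated)]

def merge_allowed(pr):
    """Remediation gate: a change may merge only with zero open review threads."""
    return not open_threads(pr)

def audit_merged(prs):
    """Audit: merged changes that still carry open threads -> (repo, number, open count)."""
    return [(pr.repo, pr.number, len(open_threads(pr)))
            for pr in prs if pr.merged and not merge_allowed(pr)]

# Constructed sample in the shape of a GraphQL pullRequest query result (not real data).
SAMPLE_PRS = [
    PullRequest("acme/api", 41, merged=True, threads=parse_review_threads({
        "reviewThreads": {"nodes": [
            {"path": "auth/session.go", "isResolved": False, "isOutdated": False},
            {"path": "auth/session.go", "isResolved": True, "isOutdated": False}]}})),
    PullRequest("acme/api", 42, merged=True, threads=parse_review_threads({
        "reviewThreads": {"nodes": [
            {"path": "README.md", "isResolved": True, "isOutdated": True}]}})),
    PullRequest("acme/web", 7, merged=False, threads=parse_review_threads({
        "reviewThreads": {"nodes": [
            {"path": "ui/login.js", "isResolved": False, "isOutdated": True}]}})),
]

if __name__ == "__main__":
    for repo, number, count in audit_merged(SAMPLE_PRS):
        print(f"FAIL {repo}#{number}: merged with {count} open review thread(s)")
```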
Usage
Run the control in your terminal:
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_1_11
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_1_11 --share
SQL
This control uses a named query:
repo_no_open_comments