turbot/github_compliance

Control: 1.1.15 Ensure pushing or merging of new code is restricted to specific individuals or teams

Description

Ensure that only trusted users can push or merge new code to protected branches.

Rationale

Requiring that only trusted users may push or merge new changes reduces the risk that unverified code, especially malicious code, reaches a protected branch, because it limits the number of users who are able to push or merge there.

Note: Only administrators and trusted users can push or merge to the protected branch.

Audit

For each repository in use, verify that only trusted and responsible users can push or merge new code to the protected (default) branch.
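One way to carry out this audit in code, as an added example that is not part of the turbot/github_compliance mod or its named query: the function below reads a branch protection payload in the shape returned by the GitHub REST API endpoint GET /repos/{owner}/{repo}/branches/{branch}/protection (where the "restrictions" object is present only when "Restrict who can push to matching branches" is enabled) and reports a control-style status per repository. The repositories, payloads and the trusted principal set are constructed for illustration; the "user:", "team:" and "app:" prefixes are a naming convention of this example, not GitHub's.

```python
"""Audit which principals may push or merge to a repository's default branch.

Added example, not code from the turbot/github_compliance mod. It assumes the
response shape of GET /repos/{owner}/{repo}/branches/{branch}/protection,
in which "restrictions" is present only when push restrictions are enabled.
All repositories, payloads and the trusted set below are constructed.
"""
from typing import Dict, List, Optional, Set


def push_principals(protection: Optional[dict]) -> Optional[List[str]]:
    """Return the principals allowed to push as "user:<login>", "team:<slug>"
    or "app:<slug>" strings (example convention). Return None when pushes are
    not restricted at all: the branch is unprotected or the rule has no
    "restrictions" object."""
    if not protection:
        return None
    restrictions = protection.get("restrictions")
    if restrictions is None:
        return None
    principals = ["user:" + u["login"] for u in restrictions.get("users", [])]
    principals += ["team:" + t["slug"] for t in restrictions.get("teams", [])]
    principals += ["app:" + a["slug"] for a in restrictions.get("apps", [])]
    return sorted(principals)


def evaluate_repository(full_name: str, default_branch: str,
                        protection: Optional[dict], trusted: Set[str]) -> Dict:
    """Produce one control-style row: resource, status, reason, untrusted.

    status is "alarm" when pushes are unrestricted or when the allowance list
    names a principal outside the trusted set, and "ok" otherwise.
    """
    principals = push_principals(protection)
    branch = f"{full_name}:{default_branch}"
    if principals is None:
        return {"resource": full_name, "status": "alarm", "untrusted": [],
                "reason": f"{branch} does not restrict who can push or merge."}
    untrusted = [p for p in principals if p not in trusted]
    if untrusted:
        return {"resource": full_name, "status": "alarm", "untrusted": untrusted,
                "reason": f"{branch} allows pushes from untrusted principals: "
                          + ", ".join(untrusted) + "."}
    return {"resource": full_name, "status": "ok", "untrusted": [],
            "reason": f"{branch} restricts pushes to {len(principals)} trusted principal(s)."}


def run_audit(repositories: List[dict], trusted: Set[str]) -> List[Dict]:
    """Evaluate every repository and return one row per repository."""
    return [evaluate_repository(r["full_name"], r["default_branch"],
                                r.get("protection"), trusted)
            for r in repositories]


# Constructed sample: the principals this hypothetical organisation trusts.
TRUSTED = {"user:alice", "team:release-managers", "app:deploy-bot"}

# Constructed sample payloads in the shape of the branch protection endpoint.
SAMPLE_REPOSITORIES = [
    {"full_name": "acme/payments", "default_branch": "main",
     "protection": {"required_pull_request_reviews": {"required_approving_review_count": 2},
                    "restrictions": {"users": [{"login": "alice"}],
                                     "teams": [{"slug": "release-managers"}],
                                     "apps": []}}},
    # Reviews are required, but anyone with write access may still push or merge.
    {"full_name": "acme/website", "default_branch": "main",
     "protection": {"required_pull_request_reviews": {"required_approving_review_count": 1}}},
    # Restricted, but the allowance list includes someone outside the trusted set.
    {"full_name": "acme/infra", "default_branch": "main",
     "protection": {"restrictions": {"users": [{"login": "alice"}, {"login": "contractor-bob"}],
                                     "teams": [], "apps": [{"slug": "deploy-bot"}]}}},
    # No branch protection rule at all on the default branch.
    {"full_name": "acme/docs", "default_branch": "main", "protection": None},
]


if __name__ == "__main__":
    for row in run_audit(SAMPLE_REPOSITORIES, TRUSTED):
        print(f"{row['status']:<5} {row['reason']}")
```

The acme/website case is the one worth noting: requiring pull request reviews does not by itself restrict who can push or merge, so a rule with reviews but no "restrictions" object is still reported as an alarm. Comparing the allowance list against an explicit trusted set is what turns "pushes are restricted" into "pushes are restricted to the right people", which is the substance of this control.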

Remediation

For each repository in use, allow only trusted and responsible users to push or merge new code.

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.cis_supply_chain_v100_1_1_15

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_1_15 --share

SQL

This control uses a named query:

default_branch_restrict_push_and_merge

Tags