Control: Default branch protections should apply to administrators in each public repository

Description

Administrators should have the same restrictions as other users for the default branch.

Usage

Run the control in your terminal:

powerpipe control run github_sherlock.control.public_repo_default_branch_protections_apply_to_admins

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_sherlock.control.public_repo_default_branch_protections_apply_to_admins --share

Steampipe Tables

github_my_repository

SQL

select
  url as resource,
  case
    when (default_branch_ref -> 'branch_protection_rule') is null then 'info'
    when (default_branch_ref -> 'branch_protection_rule' ->> 'is_admin_enforced') = 'true' then 'ok'
    else 'alarm'
  end as status,
  name_with_owner || ' default branch ' || (default_branch_ref ->> 'name') ||
    case
      when (default_branch_ref -> 'branch_protection_rule' ->> 'is_admin_enforced') = 'true' then ' protections apply to admins.'
      when (default_branch_ref -> 'branch_protection_rule' ->> 'is_admin_enforced') = 'false' then ' protections do not apply to admins.'
      -- If not false or true, then null, which means no branch protection rule exists
      else ' branch protection rule unknown.'
    end as reason,
  name_with_owner
from
  github_my_repository
where
  visibility = 'PUBLIC' and is_fork = false

Control: Default branch protections should apply to administrators in each public repository

Description

Usage

Steampipe Tables

SQL

Tags