Audit Finding: [G02] Enable branch protection on main
Severity: Critical
Scope: GitOps
Rule: git.instructions § Branches — main must be protected, no direct pushes
Description
The main branch has no branch protection rules configured. This allows direct pushes, force pushes, and merges without review — violating the GitOps principle that all changes go through pull requests.
Suggested Fix
Enable branch protection on GitHub for main:
- Require pull request reviews before merging
- Require status checks to pass (CI workflow)
- Disallow force pushes
- Do not allow bypassing the above settings
Steps
- Go to Settings → Branches → Add branch protection rule
- Branch name pattern: main
- Enable: Require a pull request before merging
- Enable: Require status checks to pass before merging (select lint-and-test)
- Enable: Do not allow force pushes
- Save changes
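To verify the fix (or confirm the finding) without clicking through the UI, the following added example checks a branch-protection JSON document against the four controls listed above. It is not part of the audit tooling; it assumes the JSON has the shape returned by GitHub's `GET /repos/{owner}/{repo}/branches/{branch}/protection` endpoint, maps "do not allow bypassing" to `enforce_admins`, and the sample response is constructed.

```python
import json

# Constructed sample response (GitHub branch-protection API shape, made-up values):
# PR reviews and the lint-and-test check are required, but force pushes are still
# allowed and admins can bypass the rules.
SAMPLE_PROTECTION = json.dumps({
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "required_status_checks": {"strict": True, "contexts": ["lint-and-test"]},
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": True},
})

REQUIRED_CHECK = "lint-and-test"  # CI workflow named in the finding
PROTECTION_KEYS = ("required_pull_request_reviews", "required_status_checks",
                   "enforce_admins", "allow_force_pushes")


def audit_branch_protection(protection_json: str) -> list:
    """Return the G02 requirements the settings fail; [] means compliant."""
    p = json.loads(protection_json)

    # A 404 body such as {"message": "Branch not protected"} has none of the
    # protection keys: every control is missing, which is the audited state.
    if not any(k in p for k in PROTECTION_KEYS):
        return ["pull request reviews not required",
                f"status check {REQUIRED_CHECK!r} not required",
                "force pushes allowed",
                "administrators can bypass protection"]

    failures = []
    # 1. Require pull request reviews before merging (at least one approval)
    reviews = p.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        failures.append("pull request reviews not required")
    # 2. Require the lint-and-test status check to pass
    checks = p.get("required_status_checks") or {}
    if REQUIRED_CHECK not in checks.get("contexts", []):
        failures.append(f"status check {REQUIRED_CHECK!r} not required")
    # 3. Disallow force pushes
    if (p.get("allow_force_pushes") or {}).get("enabled", False):
        failures.append("force pushes allowed")
    # 4. Do not allow bypassing: rules must apply to administrators too
    if not (p.get("enforce_admins") or {}).get("enabled", False):
        failures.append("administrators can bypass protection")
    return failures


if __name__ == "__main__":
    for failure in audit_branch_protection(SAMPLE_PROTECTION):
        print("FAIL:", failure)
```

Live data can be fetched with `gh api repos/OWNER/REPO/branches/main/protection` (OWNER/REPO are placeholders) and passed to the function.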