---

Table of contents

• Default Branch Should Be Protected
• Default Branch Should Limit Code Review to Code-Owners
• Default Branch Should Not Allow Force Pushes
• Default Branch Should Require All Commits To Be Signed
• Default Branch Should Require Code Review
• Default Branch Should Require Code Review By At Least Two Reviewers
• Default Branch Should Require New Code Changes After Approval To Be Re-Approved
• Forking Should Not Be Allowed for Private/Internal Projects
• Merge Request Authors Should Not Be Able To Override the Approvers List
• Overriding predefined CI/CD variables should be restricted.
• Project Should Be Updated At Least Quarterly
• Project Should Have A Low Owner Count
• Project Should Require All Conversations To Be Resolved Before Merge
• Project Should Require All Pipelines to Succeed
• Repository Should Not Allow Committer Approvals
• Repository Should Not Allow Review Requester To Approve Their Own Request
• Webhook Configured Without SSL Verification