Default Branch Should Require Code Review
policy name: code_review_not_required
severity: HIGH
Description
In order to comply with separation of duties principle and enforce secure code practices, a code review should be mandatory using the source-code-management built-in enforcement.
Threat Example(s)
Users can merge code without being reviewed which can lead to insecure code reaching the main branch and production.
Remediation
- Make sure you have admin permissions
- Go to the repo’s settings page
- Enter ‘Merge Requests’ tab
- Under ‘Merge request approvals’, Click ‘Add approval rule’ on the default branch rule
- Select ‘Approvals required’ and enter at least 1 approvers
- Select ‘Add approvers’ and select the desired members
- Click ‘Add approval rule’