Bridgecrew and Checkov can now identify misconfigurations in your version control system (VCS) provider using Terraform. Many of Checkov’s policies for VCS providers can now be applied to Terraform code that uses either GitHub or GitLab.
With these new policies, users can proactively harden their VCS security and ensure that they’re following best practices to maintain VCS security.
The policies include:
- Ensure GitHub repository is Private
- Ensure GitHub repository webhooks are using HTTPS
- Ensure GitHub repository has vulnerability alerts enabled
- Ensure GitHub Actions secrets are encrypted
- GitHub pull requests should require at least 2 approvals
- Ensure GitHub branch protection rules require signed commits
- Ensure at least two approving reviews are required to merge a GitLab MR
- Ensure GitLab branch protection rules do not allow force pushes
- Ensure GitLab prevent secrets is enabled
- Ensure GitLab commits are signed