Ensure Gitlab branch protection rules does not allow force pushes

Error: Gitlab branch protection rules allows force pushes
Bridgecrew Policy ID: BC_REPO_GITLAB_1
Checkov Check ID: CKV_GITLAB_2
Severity: MEDIUM

Gitlab branch protection rules allows force pushes


In GitLab, permissions are fundamentally defined around the idea of having read or write permission to the repository and branches. To impose further restrictions on certain branches, they can be protected.

When you perform more complex operations, for example, squash commits, reset or rebase your branch, you must force an update to the remote branch. These operations imply rewriting the commit history of the branch. Forcing an update is not recommended when you’re working on shared branches.

You can enable force push on a protected branch, but this is ill-advised.

Did this page help you?