Ensure GitHub pull requests have at least 2 approvals

Error: GitHub pull requests have less than 2 approvals
Bridgecrew Policy ID: BC_REPO_GITHUB_2 or BC_REPO_GITHUB_TF_5
Checkov Check ID: CKV_GITHUB_5 or CKV_GIT_5
Severity: MEDIUM

Description

In GitHub, repository administrators can require that all pull requests receive a specific number of approving reviews before someone merges the pull request into a protected branch. It is also possible to require approving reviews from people with write permissions in the repository or from a designated code owner.

If a collaborator attempts to merge a pull request with pending or rejected reviews into the protected branch, the collaborator will receive an error message.

Fix - Buildtime

Terraform

  • Resource: github_branch_protection, github_branch_protection_v3
  • Attribute: required_approving_review_count
resource "github_branch_protection_v3" "example" {
  repository = github_repository.example.name
  branch     = "main"

  required_pull_request_reviews {
    # Require at least two approving reviews before a merge into the protected branch.
    required_approving_review_count = 2
  }
}
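The following is an added example and not Checkov's own check implementation. It applies the rule described above (at least two approving reviews) in two places a defender would audit it: the body of a `github_branch_protection` / `github_branch_protection_v3` Terraform resource, and the JSON returned by GitHub's `GET /repos/{owner}/{repo}/branches/{branch}/protection` REST endpoint. The dict layout for the Terraform side assumes the common parser convention of wrapping attribute values in one-element lists; all sample inputs are constructed. A missing `required_pull_request_reviews` block, or a block without `required_approving_review_count`, is treated as failing, because in that case no approvals are enforced at all.

```python
"""Added example (not Checkov's code): evaluate the '>= 2 approvals' rule
against a Terraform branch-protection resource body and against GitHub's
branch-protection API JSON. All sample data below is constructed."""
import json

MIN_APPROVALS = 2


def _to_scalar(value):
    # Assumption: Terraform parsers (Checkov's among them) wrap attribute
    # values in a one-element list; accept either that or a bare value.
    if isinstance(value, list):
        return value[0] if value else None
    return value


def terraform_has_enough_approvals(resource_conf, minimum=MIN_APPROVALS):
    """True when the resource requires at least `minimum` approving reviews.

    No required_pull_request_reviews block, or a block without
    required_approving_review_count, means approvals are not enforced -> False.
    """
    reviews = _to_scalar(resource_conf.get("required_pull_request_reviews"))
    if not isinstance(reviews, dict):
        return False
    count = _to_scalar(reviews.get("required_approving_review_count"))
    return isinstance(count, int) and count >= minimum


def api_has_enough_approvals(protection_json, minimum=MIN_APPROVALS):
    """Same rule over GET /repos/{owner}/{repo}/branches/{branch}/protection."""
    reviews = protection_json.get("required_pull_request_reviews") or {}
    count = reviews.get("required_approving_review_count", 0)
    return isinstance(count, int) and count >= minimum


# Constructed sample inputs (not taken from any real repository).
TF_PASSING = {
    "repository": ["example"],
    "branch": ["main"],
    "required_pull_request_reviews": [{"required_approving_review_count": [2]}],
}
TF_FAILING_COUNT = {
    "required_pull_request_reviews": [{"required_approving_review_count": [1]}],
}
TF_FAILING_NO_BLOCK = {"repository": ["example"], "branch": ["main"]}
API_PASSING = json.loads(
    '{"required_pull_request_reviews": '
    '{"required_approving_review_count": 2, "dismiss_stale_reviews": true}}'
)
API_FAILING = json.loads('{"required_status_checks": {"strict": true, "contexts": []}}')


def evaluate_all():
    """Run every constructed sample; returns {sample_name: passed}."""
    return {
        "tf_passing": terraform_has_enough_approvals(TF_PASSING),
        "tf_failing_count": terraform_has_enough_approvals(TF_FAILING_COUNT),
        "tf_failing_no_block": terraform_has_enough_approvals(TF_FAILING_NO_BLOCK),
        "api_passing": api_has_enough_approvals(API_PASSING),
        "api_failing": api_has_enough_approvals(API_FAILING),
    }


if __name__ == "__main__":
    for name, ok in evaluate_all().items():
        print(f"{name}: {'PASSED' if ok else 'FAILED'}")
```

Running the script reports PASSED for the two compliant samples and FAILED for the three others. The `minimum` parameter lets the same functions enforce a stricter local policy than the check's default of two.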