| Field | Value |
|---|---|
| Category | CICD-SEC-1 |
| Severity | MEDIUM |
| Auto-fix | ✗ |
| Source | Repository configuration |
What the check does
Reads the branch protection rule and reports when required_pull_request_reviews.required_approving_review_count < 2.
Why it matters
A single required reviewer is a single point of failure. If that account is compromised or coerced, or the developer is also the PR author (rotated to a colleague who rubber-stamps), the review control collapses. Two reviewers raise the bar meaningfully: the attacker now needs collusion or two compromised accounts. Two is also the threshold most regulated industries (SOC 2, PCI, ISO 27001) treat as “meaningful peer review” rather than “advisory”.
How to fix
Settings → Branches → edit the rule → set Required approving reviews to 2 or more. For high-impact branches (release branches, infrastructure repos), consider also enabling Require review from Code Owners and adding a CODEOWNERS file.
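
The check and the Code Owners recommendation above, as an added example that is not Pipefort's own code: it evaluates branch protection rules offline against the threshold of 2. Assumptions: the rule JSON uses the GitHub REST API field names (`require_code_owner_reviews` is the API field behind "Require review from Code Owners"), a missing rule or missing review block counts as zero approvals, and the function names and sample rules are constructed for illustration.

```python
import json

MIN_APPROVALS = 2  # threshold stated in the check description

# Constructed sample rules (not real repository data), keyed by branch name.
# None stands for a branch that has no protection rule.
SAMPLE_RULES = json.loads("""{
  "main":    {"required_pull_request_reviews":
              {"required_approving_review_count": 1, "require_code_owner_reviews": false}},
  "release": {"required_pull_request_reviews":
              {"required_approving_review_count": 2, "require_code_owner_reviews": false}},
  "infra":   {"required_pull_request_reviews":
              {"required_approving_review_count": 2, "require_code_owner_reviews": true}},
  "hotfix":  {"enforce_admins": {"enabled": true}},
  "scratch": null
}""")


def evaluate_rule(protection, high_impact=False):
    """Return findings for one rule; an empty list means the check passes."""
    # Assumption: no rule, or a rule without a review block, counts as 0 approvals.
    reviews = (protection or {}).get("required_pull_request_reviews") or {}
    count = reviews.get("required_approving_review_count") or 0
    findings = []
    if count < MIN_APPROVALS:
        findings.append(
            f"required_approving_review_count is {count}, expected >= {MIN_APPROVALS}")
    # Advisory only: the page suggests Code Owners review for high-impact branches.
    if high_impact and not reviews.get("require_code_owner_reviews"):
        findings.append("advisory: Code Owners review not required")
    return findings


def audit(rules, high_impact_branches=()):
    """Map each branch name to its findings."""
    return {branch: evaluate_rule(rule, branch in high_impact_branches)
            for branch, rule in rules.items()}


if __name__ == "__main__":
    for branch, findings in audit(SAMPLE_RULES, {"release", "infra"}).items():
        print(branch, "PASS" if not findings else findings)
```

The "hotfix" and "scratch" samples cover the cases where the count field is absent: a rule that exists but does not require pull request reviews, and a branch with no rule at all.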