| Field | Value |
|---|---|
| Category | CICD-SEC-1 |
| Severity | LOW |
| Auto-fix | |
| Source | Repository configuration |

What the check does

  1. Detects a CODEOWNERS file (in CODEOWNERS, .github/CODEOWNERS, or docs/CODEOWNERS — GitHub’s canonical locations).
  2. Reads the branch protection rule on the default branch.
  3. Reports when required_pull_request_reviews.require_code_owner_reviews is false.

Only fires when CODEOWNERS exists — if you haven’t defined ownership, the rule is moot and stays silent.
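The three steps above, re-implemented as an added example (this is not Pipefort's own code) against data already fetched from GitHub: a file listing of the default branch and the parsed JSON body of `GET /repos/{owner}/{repo}/branches/{branch}/protection`, with `None` standing in for a 404 (no protection rule). Treating a missing protection rule as a finding is an assumption of this example; the sample data is constructed.

```python
"""Added example: evaluate the CICD-SEC-1 check on pre-fetched repository data."""

# GitHub's canonical CODEOWNERS locations, in the order GitHub searches them.
CODEOWNERS_PATHS = ("CODEOWNERS", ".github/CODEOWNERS", "docs/CODEOWNERS")


def find_codeowners(repo_files):
    """Return the first canonical CODEOWNERS path present in the tree, or None."""
    present = set(repo_files)
    for path in CODEOWNERS_PATHS:
        if path in present:
            return path
    return None


def check_codeowner_reviews(repo_files, protection):
    """Return {'status': 'skipped' | 'pass' | 'fail', 'reason': str}.

    repo_files: iterable of paths on the default branch.
    protection: parsed branch-protection JSON, or None when the API returned 404.
    """
    path = find_codeowners(repo_files)
    if path is None:
        # Step 1 failed: no ownership declared, so the rule stays silent.
        return {"status": "skipped", "reason": "no CODEOWNERS file; rule is moot"}
    if protection is None:
        # Assumption in this example: no protection rule at all means nothing
        # requires an owner's approval, which is the same gap the check targets.
        return {"status": "fail", "reason": f"{path} exists but default branch has no protection rule"}
    # Step 2/3: the key is absent when PR reviews are not required at all,
    # and require_code_owner_reviews defaults to false when omitted.
    pr_reviews = protection.get("required_pull_request_reviews") or {}
    if pr_reviews.get("require_code_owner_reviews") is True:
        return {"status": "pass", "reason": f"{path} is enforced by required code owner reviews"}
    return {"status": "fail", "reason": f"{path} exists but require_code_owner_reviews is false"}


# Constructed sample payloads shaped like the branch-protection API response.
PROTECTION_WEAK = {"required_pull_request_reviews": {"required_approving_review_count": 1,
                                                     "require_code_owner_reviews": False}}
PROTECTION_OK = {"required_pull_request_reviews": {"required_approving_review_count": 1,
                                                   "require_code_owner_reviews": True}}

if __name__ == "__main__":
    for files, prot in ((["README.md"], PROTECTION_WEAK),
                        (["README.md", ".github/CODEOWNERS"], PROTECTION_WEAK),
                        (["CODEOWNERS"], PROTECTION_OK),
                        (["docs/CODEOWNERS"], None)):
        print(check_codeowner_reviews(files, prot))
```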

Why it matters

A CODEOWNERS file is a declaration of who has authority on which paths. Without enforcement:
  • Changes to sensitive paths (/.github/workflows/, /infra/, /security/) can merge without the people responsible for them ever seeing the PR.
  • The file becomes pure documentation — easy to drift out of sync with reality, hard to rely on for incident response.
  • Compliance reviewers cannot point at “code owners must approve” as a control if the rule doesn’t actually require their approval.

How to fix

Settings → Branches → edit the rule → under Require a pull request before merging, enable Require review from Code Owners. Then sanity-check the CODEOWNERS file itself: make sure the listed teams exist, paths are accurate, and at least one owner is reachable for any merge to happen.