Documentation Index
Fetch the complete documentation index at: https://docs.pipefort.com/llms.txt
Use this file to discover all available pages before exploring further.
| Field | Value |
|---|---|
| Category | CICD-SEC-1 |
| Severity | HIGH |
| Auto-fix | ✗ |
| Source | Repository configuration |
What the check does
Reads the protection rule of the repository’s default branch and fires when the required_pull_request_reviews setting is absent, i.e. when the rule does not require changes to arrive through a pull request.
Why it matters
Required PR reviews are the most-cited control in CICD-SEC-1 (insufficient flow control). Without them, a branch protection rule still lets anyone with write access push commits directly to the default branch, so the “second pair of eyes” defense is lost entirely. Static scanners catch only the patterns they are written to detect; mandatory human review remains the most general-purpose mitigation against malicious or accidentally insecure code reaching production.
How to fix
Settings → Branches → edit the rule → enable Require a pull request before merging. Set Required approving reviews to at least 1 (2 is recommended for production branches; see BP-FEW-REVIEWERS). Requiring a pull request with 0 approving reviews is not enough: the author can still merge their own unreviewed change. If administrators and other bypass-listed actors should be held to the same rule, also enable Do not allow bypassing the above settings.
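The check and the fix, as an added worked example that is not the project’s own code. The field names follow GitHub’s branch protection REST API (GET and PUT on /repos/{owner}/{repo}/branches/{branch}/protection); the sample rule, the finding dictionary shape and the min_approvals threshold (which also flags a rule that requires a pull request but zero approvals) are assumptions made here. The remediation function builds the PUT body without sending it, so the example runs offline.

```python
import json
from typing import Optional

# Constructed sample (not real data): the shape follows GitHub's response to
# GET /repos/{owner}/{repo}/branches/{branch}/protection. Status checks and
# admin enforcement are on, but required_pull_request_reviews is missing,
# which is exactly the condition this check fires on.
SAMPLE_RULE_NO_REVIEWS = json.loads("""
{
  "required_status_checks": {"strict": true, "contexts": ["ci/build"]},
  "enforce_admins": {"enabled": true},
  "restrictions": null,
  "allow_force_pushes": {"enabled": false}
}
""")


def check_required_reviews(rule: Optional[dict], min_approvals: int = 1) -> Optional[dict]:
    """Return a CICD-SEC-1 finding for a branch protection rule, or None if it passes.

    rule is the parsed protection object for the default branch, or None when
    the branch has no rule at all (GitHub answers that GET with 404).
    The page's check fires when required_pull_request_reviews is absent; the
    min_approvals threshold is an assumption added here so that a rule that
    requires a PR but zero approvals (author self-merge) is also flagged.
    """
    finding = {"category": "CICD-SEC-1", "severity": "HIGH"}
    if rule is None:
        finding["reason"] = "default branch has no protection rule"
        return finding
    reviews = rule.get("required_pull_request_reviews")
    if reviews is None:
        finding["reason"] = ("required_pull_request_reviews is absent: "
                             "commits can be pushed directly without a pull request")
        return finding
    count = int(reviews.get("required_approving_review_count", 0))
    if count < min_approvals:
        finding["reason"] = (f"required_approving_review_count is {count}, "
                             f"below the required minimum of {min_approvals}")
        return finding
    return None


def remediation_payload(existing: Optional[dict], required_approvals: int = 1) -> dict:
    """Build the JSON body for PUT /repos/{owner}/{repo}/branches/{branch}/protection.

    That endpoint replaces the whole rule and its four top-level keys are
    mandatory, so the existing status-check, admin-enforcement and push
    restriction settings are carried across and only the review requirement
    is added. The GET response wraps booleans as {"enabled": ...} while the
    PUT body takes plain booleans, hence the unwrapping below.
    """
    existing = existing or {}
    status = existing.get("required_status_checks")
    restrictions = existing.get("restrictions")
    return {
        "required_status_checks": (
            {"strict": bool(status.get("strict", False)),
             "contexts": list(status.get("contexts", []))}
            if status else None),
        "enforce_admins": bool((existing.get("enforce_admins") or {}).get("enabled", False)),
        "required_pull_request_reviews": {
            "required_approving_review_count": required_approvals,
            "dismiss_stale_reviews": True,
        },
        "restrictions": (
            {"users": [u["login"] for u in restrictions.get("users", [])],
             "teams": [t["slug"] for t in restrictions.get("teams", [])]}
            if restrictions else None),
    }


if __name__ == "__main__":
    print(check_required_reviews(SAMPLE_RULE_NO_REVIEWS))
    fixed = remediation_payload(SAMPLE_RULE_NO_REVIEWS, required_approvals=2)
    print(json.dumps(fixed, indent=2))
    print(check_required_reviews(fixed))  # None: the rewritten rule passes the check
```

Running the check again on the payload it would PUT is the useful round trip: a remediation that the detector still flags (for example required_approvals=0) is caught before anything is changed in the repository.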