Skip to main content
FieldValue
CategoryCICD-SEC-1
PlatformGitLab CI
SeverityHIGH
Auto-fix

What the check does

Flags a project whose default branch has no Protected Branch entry.

Why it matters

Without protection, anyone with push access can commit directly to the default branch and rewrite its history — bypassing merge requests, review, and CI. Protect the default branch under Settings → Repository → Protected branches: disallow direct pushes and force pushes, and require changes to land via merge request. This is a GitLab project-settings check: it reads the project configuration over the GitLab API (CLI: --git at a GitLab host with --gitlab-token; the web app uses its connected GitLab token) and reports under the Repository configuration group. See the rules overview.