Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Features: Add "Require approval of the most recent push" to Branch protection check #2475

Closed
inferno-chromium opened this issue Nov 21, 2022 · 1 comment · Fixed by #2492
Closed

Features: Add "Require approval of the most recent push" to Branch protection check #2475

inferno-chromium opened this issue Nov 21, 2022 · 1 comment · Fixed by #2492
Assignees
@laurentsimon
Labels
kind/enhancement New feature or request priority/must-do Upcoming release

Comments

@inferno-chromium
Copy link
Contributor

Is your feature request related to a problem? Please describe.
Seems like a serious evasion of branch protection check if this ""Require approval of the most recent push" (new sub-feature) is not enabled. Read why - "Add evil commits to good PR and self-approve" - https://medium.com/boostsecurity/slsa-dip-source-of-the-problem-a1dac46a976
https://raw.githubusercontent.com/boostsecurityio/supply-chain-research/main/001-source/attack-tree_source.svg

Describe the solution you'd like
Require "Require approval of the most recent push" as part of branch protection

Describe alternatives you've considered
None

Additional context
None
@inferno-chromium inferno-chromium added kind/enhancement New feature or request priority/must-do Upcoming release labels Nov 21, 2022
@laurentsimon laurentsimon mentioned this issue Nov 28, 2022
Merged
@laurentsimon
Copy link
Contributor

Good catch. This seems to be a new setting. Sent #2492

@laurentsimon laurentsimon self-assigned this Nov 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@laurentsimon laurentsimon

Labels
kind/enhancement New feature or request priority/must-do Upcoming release
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

✨ Add support for RequiresLastPushReview in Branch Protection for GitHub laurentsimon/scorecard
2 participants
@inferno-chromium @laurentsimon