Mods

turbot/github_sherlock

GitHub
Overview
4Dashboards
34Controls
0Queries
0Variables
GitHub
Loading controls...
On This Page
Description
Usage
Plugins & Tables
SQL
Get Involved
Edit on GitHub
Discuss on Slack

Control: Default branch should block deletion in each private repository

Description

The default branch is important and definitely shouldn't be deleted.

Usage

Run the control in your terminal:

steampipe check github_sherlock.control.private_repo_default_branch_blocks_deletion

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share github_sherlock.control.private_repo_default_branch_blocks_deletion

Plugins & Tables

github_my_repository
GitHub plugin

SQL

select
  url as resource,
  case
    when (default_branch_ref -> 'branch_protection_rule') is null then 'info'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'false' then 'ok'
    else 'alarm'
  end as status,
  name_with_owner || ' default branch ' || (default_branch_ref ->> 'name') || case
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'false' then ' prevents deletion.'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'true' then ' allows deletion.' -- If not false or true, then null, which means no branch protection rule exists
    else ' branch protection rule unknown.'
  end as reason,
  name_with_owner
from
  github_my_repository
where
  visibility = 'PRIVATE'
  and is_fork = false