Control: Default branch should block deletion in each public repository

Description

The default branch is important and definitely shouldn't be deleted.

Usage

Run the control in your terminal:

powerpipe control run github_sherlock.control.public_repo_default_branch_blocks_deletion

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_sherlock.control.public_repo_default_branch_blocks_deletion --share

Steampipe Tables

github_my_repository

SQL

select
  url as resource,
  case
    when (default_branch_ref -> 'branch_protection_rule') is null then 'info'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'false' then 'ok'
    else 'alarm'
  end as status,
  name_with_owner || ' default branch ' || (default_branch_ref ->> 'name') || case
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'false' then ' prevents deletion.'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'true' then ' allows deletion.' -- If not false or true, then null, which means no branch protection rule exists
    else ' branch protection rule unknown.'
  end as reason,
  name_with_owner
from
  github_my_repository
where
  visibility = 'PUBLIC'
  and is_fork = false

Control: Default branch should block deletion in each public repository

Description

Usage

Steampipe Tables

SQL

Tags