turbot/github_sherlock


Control: Default branch should block deletion in each public repository

Description

The default branch is important and definitely shouldn't be deleted.

Usage

Run the control in your terminal:

steampipe check github_sherlock.control.public_repo_default_branch_blocks_deletion

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share github_sherlock.control.public_repo_default_branch_blocks_deletion

SQL

select
  url as resource,
  case
    when (default_branch_ref -> 'branch_protection_rule') is null then 'info'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'false' then 'ok'
    else 'alarm'
  end as status,
  name_with_owner || ' default branch ' || (default_branch_ref ->> 'name') || case
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'false' then ' prevents deletion.'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'true' then ' allows deletion.'
    -- If not false or true, then null, which means no branch protection rule exists
    else ' branch protection rule unknown.'
  end as reason,
  name_with_owner
from
  github_my_repository
where
  visibility = 'PUBLIC'
  and is_fork = false
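
The control's status logic run over constructed rows in plain PostgreSQL, as an added example that is not part of the mod. The `sample_repository` CTE and every repository name and URL in it are made up. The page does not say whether the plugin omits `branch_protection_rule` or returns it as JSON null for an unprotected branch, so both shapes are included because they land in different statuses.

```sql
-- Constructed rows standing in for github_my_repository;
-- repository names and URLs are made up for illustration.
with sample_repository (name_with_owner, url, visibility, is_fork, default_branch_ref) as (
  values
    ('example-org/locked', 'https://github.com/example-org/locked', 'PUBLIC', false,
      '{"name": "main", "branch_protection_rule": {"allows_deletions": false}}'::jsonb),
    ('example-org/deletable', 'https://github.com/example-org/deletable', 'PUBLIC', false,
      '{"name": "main", "branch_protection_rule": {"allows_deletions": true}}'::jsonb),
    -- Key absent: -> yields SQL NULL, so the first "when" matches (info).
    ('example-org/no-rule-key', 'https://github.com/example-org/no-rule-key', 'PUBLIC', false,
      '{"name": "main"}'::jsonb),
    -- JSON null: -> yields jsonb null, which is not SQL NULL, and ->> on it
    -- yields SQL NULL, so neither "when" matches and the row falls to "else" (alarm).
    ('example-org/json-null-rule', 'https://github.com/example-org/json-null-rule', 'PUBLIC', false,
      '{"name": "main", "branch_protection_rule": null}'::jsonb),
    -- The next two rows are dropped by the where clause before any status is computed.
    ('example-org/private', 'https://github.com/example-org/private', 'PRIVATE', false,
      '{"name": "main"}'::jsonb),
    ('example-org/forked', 'https://github.com/example-org/forked', 'PUBLIC', true,
      '{"name": "main", "branch_protection_rule": {"allows_deletions": true}}'::jsonb)
)
select
  name_with_owner,
  url as resource,
  case
    when (default_branch_ref -> 'branch_protection_rule') is null then 'info'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions'
    ) = 'false' then 'ok'
    else 'alarm'
  end as status
from
  sample_repository
where
  visibility = 'PUBLIC'
  and is_fork = false
order by
  name_with_owner;
```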
