Mods

turbot/github_sherlock

GitHub
Overview
4Dashboards
34Controls
0Queries
0Variables
GitHub
Loading controls...
On This Page
Description
Usage
Plugins & Tables
SQL
Tags
Get Involved
Edit on GitHub
Discuss on Slack

Control: Default branch requires pull request reviews before merging in each public repository

Description

Pull request reviews help improve quality of commits into the default branch.

Usage

Run the control in your terminal:

steampipe check github_sherlock.control.public_repo_default_branch_requires_pull_request_reviews

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share github_sherlock.control.public_repo_default_branch_requires_pull_request_reviews

Plugins & Tables

github_my_repository
GitHub plugin

SQL

select
  url as resource,
  case
    when (default_branch_ref -> 'branch_protection_rule') is null then 'info'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'requires_approving_reviews'
    ) = 'true' then 'ok'
    else 'alarm'
  end as status,
  name_with_owner || ' default branch ' || (default_branch_ref ->> 'name') || case
    when (default_branch_ref -> 'branch_protection_rule') is null then ' branch protection rule unknown.'
    when (
      default_branch_ref -> 'branch_protection_rule' ->> 'requires_approving_reviews'
    ) = 'true' then ' requires pull request reviews.'
    else ' does not require pull request reviews.'
  end as reason,
  name_with_owner
from
  github_my_repository
where
  visibility = 'PUBLIC'
  and is_fork = false

Tags

category = Compliance
plugin = github
service = GitHub/Repository