Table: github_branch_protection
Branch protection is a set of rules protecting the branch from inappropriate changes.
The github_branch_protection table can be used to query information about any branch, and you must specify which repository in the where or join clause using the repository_full_name column.
GitHub users with admin permissions to a repository can manage branch protection rules.
Examples
List branches and their protection for a repository
select *
from github_branch_protection
where repository_full_name = 'turbot/steampipe';
Get branch protection for a specific branch in a repository
select *
from github_branch_protection
where repository_full_name = 'turbot/steampipe'
  and name = 'main';
Control examples
- private_repo_default_branch_blocks_deletion
- private_repo_default_branch_blocks_force_push
- private_repo_default_branch_protections_apply_to_admins
- private_repo_default_branch_requires_pull_request_reviews
- public_repo_default_branch_blocks_deletion
- public_repo_default_branch_blocks_force_push
- public_repo_default_branch_protections_apply_to_admins
- public_repo_default_branch_requires_pull_request_reviews
.inspect github_branch_protection
Branch protection defines rules for pushing to and managing a branch.
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
allow_deletions_enabled | boolean | If true, allow users with push access to delete matching branches. |
allow_force_pushes_enabled | boolean | If true, permit force pushes for all users with push access. |
enforce_admins_enabled | boolean | If true, enforce all configured restrictions for administrators. |
name | text | The branch name. |
repository_full_name | text | The full name of the repository (login/repo-name). |
required_linear_history_enabled | boolean | If true, prevent merge commits from being pushed to matching branches. |
required_pull_request_reviews | jsonb | Pull request reviews required before merging. |
required_status_checks | jsonb | Status checks that must pass before a branch can be merged into branches matching this rule. |
restrictions_apps | jsonb | Applications can push to the branch only if in this list. |
restrictions_teams | jsonb | Teams can push to the branch only if in this list. |
restrictions_users | jsonb | Users can push to the branch only if in this list. |
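The four checks named in the control examples can be evaluated in a single query over the columns above. This is an added example, not one of the plugin's own controls; it reuses the turbot/steampipe repository from the examples and assumes required_pull_request_reviews is empty (SQL NULL or JSON null) when no review rule is configured.

```sql
-- Added example: score each protected branch against the four checks
-- listed under "Control examples". Not the plugin's own control code.
with bp as (
  select
    repository_full_name,
    name,
    -- A NULL flag is treated as "not protected" so unknown values fail closed.
    coalesce(not allow_deletions_enabled, false)    as blocks_deletion,
    coalesce(not allow_force_pushes_enabled, false) as blocks_force_push,
    coalesce(enforce_admins_enabled, false)         as applies_to_admins,
    -- Assumption: the column is SQL NULL or JSON null when no review
    -- requirement is configured on the branch.
    (required_pull_request_reviews is not null
      and required_pull_request_reviews <> 'null'::jsonb) as requires_pr_reviews
  from
    github_branch_protection
  where
    -- repository_full_name is mandatory for this table.
    repository_full_name = 'turbot/steampipe'
    -- Add "and name = 'main'" to limit the check to one branch,
    -- as in the second example above.
)
select
  repository_full_name,
  name,
  blocks_deletion,
  blocks_force_push,
  applies_to_admins,
  requires_pr_reviews,
  case
    when blocks_deletion
     and blocks_force_push
     and applies_to_admins
     and requires_pr_reviews then 'ok'
    else 'alarm'
  end as status
from
  bp
order by
  status,
  name;
```

Rows with status 'alarm' sort first; the four boolean columns show which individual check failed.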