GitHub branch protection policy changed
Description
AlphaSOC detected modifications to GitHub branch protection policies. This indicates that protection rules for one or more repository branches were created, modified, or removed. Branch protection policies enforce code quality controls such as required pull request reviews, status checks, and restrictions on force pushes or deletions of protected branches.
Impact
Unauthorized modification or removal of branch protection policies can weaken software development security controls. Adversaries may disable these protections to bypass code review requirements, commit malicious code directly to critical branches, or circumvent automated security testing. This could potentially allow code tampering if exploited by threat actors.
Severity
| Severity | Condition |
|---|---|
| Informational | GitHub branch protection policy changed |
Investigation and Remediation
Examine GitHub audit logs to identify who modified the branch protection policies, when the changes occurred, and what specific protections were altered. Compare current settings against organizational security standards and previous configurations. Review any commits made to previously protected branches during the time protections were weakened. If unauthorized changes are confirmed, restore appropriate branch protection settings and assess whether any malicious code was introduced while controls were disabled.
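The triage steps above can be scripted against an audit log export. The following Python is an added example, not AlphaSOC or GitHub code: it lists who changed which protection and when, derives the windows during which a branch had no protection rule, and flags commits that landed inside those windows. The `@timestamp`, `action`, `actor` and `repo` fields and the `protected_branch.*` action names follow GitHub's audit log JSON; the `branch` field, the commit record layout and all sample values are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample events shaped like GitHub audit log JSON export entries.
# "branch" is an assumed field name for the protected branch.
AUDIT_EVENTS = json.loads("""[
 {"@timestamp": 1717236000000, "action": "protected_branch.destroy", "actor": "dev-alice", "repo": "example-org/payments", "branch": "main"},
 {"@timestamp": 1717239600000, "action": "protected_branch.create", "actor": "sec-admin", "repo": "example-org/payments", "branch": "main"},
 {"@timestamp": 1717243200000, "action": "protected_branch.update_admin_enforced", "actor": "dev-bob", "repo": "example-org/web", "branch": "main"}
]""")
COMMITS = [  # constructed commit records (ts in epoch ms), hypothetical layout
    {"repo": "example-org/payments", "branch": "main", "sha": "a1b2c3d", "ts": 1717237800000},
    {"repo": "example-org/payments", "branch": "main", "sha": "e4f5a6b", "ts": 1717241400000},
    {"repo": "example-org/web", "branch": "main", "sha": "c7d8e9f", "ts": 1717237800000},
]
REMOVED, RESTORED = "protected_branch.destroy", "protected_branch.create"

def iso(ms):
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def summarize(events):
    """Who changed what, and when, for every protected_branch.* event."""
    rows = sorted((e for e in events if e["action"].startswith("protected_branch.")),
                  key=lambda e: e["@timestamp"])
    return [(iso(e["@timestamp"]), e["actor"], e["repo"], e.get("branch"), e["action"])
            for e in rows]

def unprotected_windows(events):
    """Intervals between a rule being removed and a rule being created again."""
    open_at, windows = {}, []
    for e in sorted(events, key=lambda e: e["@timestamp"]):
        key = (e["repo"], e.get("branch"))
        if e["action"] == REMOVED:
            open_at.setdefault(key, (e["@timestamp"], e["actor"]))
        elif e["action"] == RESTORED and key in open_at:
            start, actor = open_at.pop(key)
            windows.append({"key": key, "start": start, "end": e["@timestamp"], "removed_by": actor})
    # A rule that was never restored leaves an open-ended window.
    for key, (start, actor) in open_at.items():
        windows.append({"key": key, "start": start, "end": float("inf"), "removed_by": actor})
    return windows

def commits_to_review(windows, commits):
    """SHAs of commits that landed on a branch while it had no protection rule."""
    return [c["sha"] for c in commits for w in windows
            if (c["repo"], c["branch"]) == w["key"] and w["start"] <= c["ts"] < w["end"]]

if __name__ == "__main__":
    print(*summarize(AUDIT_EVENTS), sep="\n")
    print(commits_to_review(unprotected_windows(AUDIT_EVENTS), COMMITS))
```

Window detection here covers full rule removal only; `protected_branch.update_*` events appear in the summary and still need to be compared by hand against the organizational baseline.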