GitHub branch protections were disabled for the repository

ID: github_repository_branch_protection_disabled
Data type: GitHub
Severity: Low
MITRE ATT&CK: TA0005:T1562.001

Description

AlphaSOC detected that GitHub branch protection rules were disabled for a repository. Branch protection rules enforce security measures that prevent unauthorized modifications, require code reviews, and block deletion of branches. Disabling these rules removes critical security controls.

Impact

Removing branch protections enables adversaries to force push malicious code, bypass code review requirements, and delete protected branches. This can lead to code tampering, injection of malware, and destruction of source code history.

Severity

| Severity | Condition |
|----------|-----------|
| Low | GitHub branch protections disabled for a repository |

Investigation and Remediation

Review audit logs to identify who disabled the branch protection and when. Determine whether the change was authorized. Re-enable branch protection rules immediately. Require pull request reviews and disable force pushes on affected branches. Enable branch deletion restrictions to prevent unauthorized removal of code. Set up required status checks to maintain code quality standards. Enforce signed commits to ensure code authenticity. Examine all code changes made during the period when protections were disabled to identify potential malicious modifications.
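The first and last steps above (who disabled protection and when, and which period needs its code changes examined) can be scripted against an exported audit log. The following is an added example, not AlphaSOC or GitHub code: it assumes JSON-lines events carrying `@timestamp`, `action`, `actor`, `repo` and `name` fields with the `protected_branch.destroy` and `protected_branch.create` action names, and the sample events are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample events, not real data. Field names are assumed to follow
# the GitHub audit log JSON export ("@timestamp" in epoch milliseconds).
SAMPLE_LOG = """\
{"@timestamp": 1714557600000, "action": "protected_branch.create", "actor": "alice", "repo": "example-org/payments", "name": "main"}
{"@timestamp": 1714644000000, "action": "protected_branch.destroy", "actor": "mallory", "repo": "example-org/payments", "name": "main"}
{"@timestamp": 1714647600000, "action": "repo.access", "actor": "mallory", "repo": "example-org/payments"}
{"@timestamp": 1714651200000, "action": "protected_branch.create", "actor": "alice", "repo": "example-org/payments", "name": "main"}
{"@timestamp": 1714730400000, "action": "protected_branch.destroy", "actor": "bob", "repo": "example-org/web", "name": "release/*"}
"""

def _utc(event):
    return datetime.fromtimestamp(event["@timestamp"] / 1000, tz=timezone.utc)

def _window(destroy, create):
    return {
        "repo": destroy.get("repo"),
        "branch": destroy.get("name"),
        "disabled_by": destroy.get("actor"),
        "start": _utc(destroy),
        "end": _utc(create) if create else None,  # None: still unprotected
        "reenabled_by": create.get("actor") if create else None,
    }

def exposure_windows(lines):
    """Pair each protected_branch.destroy with the next protected_branch.create
    for the same (repo, branch rule); unmatched destroys stay open."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # skip blank or truncated export lines
    events.sort(key=lambda e: e["@timestamp"])
    pending, windows = {}, []
    for e in events:
        key = (e.get("repo"), e.get("name"))
        if e.get("action") == "protected_branch.destroy":
            pending.setdefault(key, e)  # keep the earliest removal
        elif e.get("action") == "protected_branch.create" and key in pending:
            windows.append(_window(pending.pop(key), e))
    windows.extend(_window(d, None) for d in pending.values())
    return windows

if __name__ == "__main__":
    for w in exposure_windows(SAMPLE_LOG.splitlines()):
        end = w["end"].isoformat() if w["end"] else "STILL DISABLED"
        print(f'{w["repo"]}:{w["branch"]} disabled by {w["disabled_by"]} '
              f'from {w["start"].isoformat()} until {end}')
```

Each window's start and end bound the commits and pushes to review for that repository; a window with no end means the rule has not been restored.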