GitHub branch protections were disabled for the repository
Description
AlphaSOC detected that GitHub branch protection rules were disabled for a repository. Branch protection rules enforce security measures that prevent unauthorized modifications, require code reviews, and block deletion of branches. Disabling these rules removes critical security controls.
Impact
Removing branch protections enables adversaries to force push malicious code, bypass code review requirements, and delete protected branches. This can lead to code tampering, injection of malware, and destruction of source code history.
Severity
| Severity | Condition |
|---|---|
| Low | GitHub branch protections disabled for a repository |
Investigation and Remediation
Review audit logs to identify who disabled the branch protection and when. Determine whether the change was authorized. Re-enable branch protection rules immediately. Require pull request reviews and disable force pushes on affected branches. Enable branch deletion restrictions to prevent unauthorized removal of code. Set up required status checks to maintain code quality standards. Enforce signed commits to ensure code authenticity. Examine all code changes made during the period when protections were disabled to identify potential malicious modifications.
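
One way to carry out the audit log review described above, as an added example (not AlphaSOC's or GitHub's own code): it pairs each `protected_branch.destroy` event with the next `protected_branch.create` for the same repository and branch, giving the actor, the time, and the window in which code changes need review. The field names (`@timestamp` in epoch milliseconds, `action`, `actor`, `repo`, and `name` for the branch) are assumptions about the audit log JSON export and should be checked against your own export; the sample events are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample audit log events (JSON Lines), not real data.
SAMPLE = """\
{"@timestamp": 1717236000000, "action": "protected_branch.destroy", "actor": "dev-alice", "repo": "example-org/payments", "name": "main"}
{"@timestamp": 1717239600000, "action": "repo.create", "actor": "dev-bob", "repo": "example-org/docs"}
{"@timestamp": 1717243200000, "action": "protected_branch.create", "actor": "sec-admin", "repo": "example-org/payments", "name": "main"}
{"@timestamp": 1717246800000, "action": "protected_branch.destroy", "actor": "dev-carol", "repo": "example-org/website", "name": "release"}
"""

def _ts(ms):
    """Convert epoch milliseconds to an aware UTC datetime."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def exposure_windows(jsonl):
    """Return one window per protection removal, closed by the next re-creation."""
    events = sorted(
        (json.loads(line) for line in jsonl.splitlines() if line.strip()),
        key=lambda e: e["@timestamp"],
    )
    still_open, windows = {}, []
    for e in events:
        key = (e.get("repo"), e.get("name"))  # assumed: "name" holds the branch
        if e["action"] == "protected_branch.destroy" and key not in still_open:
            window = {
                "repo": key[0], "branch": key[1],
                "disabled_by": e.get("actor"),
                "disabled_at": _ts(e["@timestamp"]),
                "restored_by": None, "restored_at": None,
            }
            still_open[key] = window
            windows.append(window)
        elif e["action"] == "protected_branch.create" and key in still_open:
            window = still_open.pop(key)
            window["restored_by"] = e.get("actor")
            window["restored_at"] = _ts(e["@timestamp"])
    return windows

if __name__ == "__main__":
    for w in exposure_windows(SAMPLE):
        end = w["restored_at"].isoformat() if w["restored_at"] else "STILL UNPROTECTED"
        print(f'{w["repo"]}@{w["branch"]}: disabled by {w["disabled_by"]} '
              f'at {w["disabled_at"].isoformat()}, restored: {end}')
```

Windows with no `restored_at` are branches that are still unprotected; commits and pushes that fall inside any window are the ones to examine first.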