After you set up IaC Security in your repository, you can mandate rules and checks to enable merging pull requests (GitHub/Bitbucket) or merge requests (GitLab).
If there are violations, you can block a GitHub/Bitbucket pull request or GitLab merge request from merging.
Configure Branch Protection Rules in GitHub
In GitHub, if you're a repository owner or have admin permissions in a repository, you can customize branch protections in the repository and enforce certain workflows, such as requiring more than one pull request review or requiring certain status checks to pass before allowing a pull request to merge.
To configure branch protection rules for each GitHub repository:
Go to your GitHub repository.
Click the Settings tab at the top.
Click Branches on the left panel to display the branch protection rule page.
Under Protect matching branches, select Require status check to pass before merging and Require branches to be up to date before merging.
For more information, see Configuring protected branches.
Configure Branch Protection Rules in GitLab
In GitLab, you can prevent merge requests from being merged if:
- No pipeline was run.
- The pipeline did not succeed.
This works for both:
- GitLab CI/CD pipelines.
- Pipelines run from an external CI integration.
To configure the merge checks behavior in GitLab:
Go to Settings > General.
Under Merge checks, select Pipelines must succeed and Skipped pipelines are considered successful.
For more information, see Merge when pipeline succeeds.
Configure Branch Protection Rules in Bitbucket
In Bitbucket, you can prevent pull requests from being merged using the Bitbucket merge checks.
To configure the merge checks for each Bitbucket repository:
Go to your Bitbucket repository.
Go to the Repository settings on the left panel.
Click Branch Permissions to display the branch permissions page.
Expand the Merge Checks dropdown.
Select the appropriate option as per your requirements.
For more information, see Bitbucket Merge Checks.