
Enforce Checks Before Merging

After you set up IaC Security in your repository, you can require rules and checks to pass before pull requests (GitHub) or merge requests (GitLab) can be merged.

If there are violations, you can block a GitHub pull request or GitLab merge request from merging.

GitHub doesn’t provide a global configuration for blocking, so GitHub admins must enforce this on their end.

Configure Branch Protection Rules in a GitHub Repository

In GitHub, if you're a repository owner or have admin permissions in a repository, you can customize branch protections in the repository and enforce certain workflows, such as requiring more than one pull request review or requiring certain status checks to pass before allowing a pull request to merge.

Configure branch protection rules for each GitHub repository as follows:

  1. Go to your GitHub repository.
  2. Click the Settings tab at the top.
  3. Click Branches on the left panel to display the branch protection rule page.
  4. Under Protect matching branches, select Require status checks to pass before merging and Require branches to be up to date before merging.

  5. Click Save.

For more information, see Configuring protected branches.

Configure Branch Protection Rules in GitLab

In GitLab, you can prevent merge requests from being merged if:

  • No pipeline ran.
  • The pipeline did not succeed.

This works for both:

  • GitLab CI/CD pipelines
  • Pipelines run from an external CI integration

Configure the merge checks behavior in GitLab as follows:

  1. Go to Settings > General.
  2. Under Merge checks, select Pipelines must succeed and Skipped pipelines are considered successful.

  3. Click Save.

For more information, see Merge when pipeline succeeds.
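
An added example, not part of the original documentation: a Python check that takes the JSON returned by GitHub's branch protection endpoint and GitLab's project endpoint and reports which of the settings described above are missing. The sample responses are constructed, and the status check name `iac-scan-placeholder` is a placeholder for whatever name your IaC scan reports in the repository.

```python
import json

# Constructed sample responses (not real API output), trimmed to the fields used.
# GitHub: GET /repos/{owner}/{repo}/branches/{branch}/protection
GITHUB_SAMPLE = json.loads("""
{"required_status_checks": {"strict": false, "contexts": ["build"], "checks": []}}
""")
# GitLab: GET /projects/:id
GITLAB_SAMPLE = json.loads("""
{"only_allow_merge_if_pipeline_succeeds": true,
 "allow_merge_on_skipped_pipeline": false}
""")


def audit_github(protection, required_check):
    """Return a list of findings for a GitHub branch protection object."""
    rsc = protection.get("required_status_checks")
    if not rsc:
        return ["'Require status checks to pass before merging' is not enabled"]
    findings = []
    if not rsc.get("strict"):
        findings.append("'Require branches to be up to date before merging' is not enabled")
    # Required checks appear in the legacy 'contexts' list and in 'checks'.
    names = set(rsc.get("contexts") or [])
    names |= {c.get("context") for c in rsc.get("checks") or []}
    if required_check not in names:
        findings.append(f"status check '{required_check}' is not in the required list")
    return findings


def audit_gitlab(project):
    """Return a list of findings for a GitLab project object."""
    findings = []
    if not project.get("only_allow_merge_if_pipeline_succeeds"):
        findings.append("'Pipelines must succeed' is not enabled")
    if not project.get("allow_merge_on_skipped_pipeline"):
        findings.append("'Skipped pipelines are considered successful' is not enabled")
    return findings


if __name__ == "__main__":
    # 'iac-scan-placeholder' is a hypothetical check name; substitute your own.
    for finding in audit_github(GITHUB_SAMPLE, "iac-scan-placeholder"):
        print("GitHub:", finding)
    for finding in audit_gitlab(GITLAB_SAMPLE):
        print("GitLab:", finding)
```

With the status check enabled but no IaC check in the required list, GitHub has nothing from the scan to block on, which is why the example also checks the required list.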