Code Review

GitHub DevSecOps Part 10: Branch Protection and Pull Requests

30 May 2023·6 mins

DevSecOps GitHub CI/CD DevOps Pull Request Code Review Branch Protection GitHub Actions Shift Left

In the previous nine sessions Patrick Steger and I built a GitHub DevSecOps pipeline with build, SCA, License Compliance, SAST, Container Scanning, Secret Detection and DAST. All useful — but only if it actually runs before code lands in main, and only if the merge is blocked when something serious shows up. In Part 10 we wire that gate together with Pull Requests and Branch Protection rules.

GitLab DevSecOps Part 10: How to Do a Merge Request the Right Way

2 November 2022·5 mins

DevSecOps GitLab CI/CD DevOps Merge Request Code Review Branch Protection Vulnerability Management Shift Left

In the previous nine sessions Patrick Steger and I built a GitLab DevSecOps pipeline that runs SAST, secret detection, software composition analysis, container scanning and DAST. Useful — but only if it actually catches issues before they reach the default branch. In Part 10 we close that loop: we wire the pipeline into Merge Requests so every change is scanned, the deltas against the default branch are visible, and approvals are required when new high or critical vulnerabilities appear.

↑