Disable pushes to master for all Secure Product and Analyzer projects
We currently have many of our ~Secure projects configured to Allow to push: Maintainers
but there is no good reason to allow Maintainers to push to master
. We should update this setting to Allow to push: no one
.
In the spirit of rapid iteration if there are minor changes, it is recommended to open an MR and merge it yourself as this still provides an easier workflow for control mechanisms, auditing, and tracking throughput
Core projects
-
sast -
dast -
container-scanning -
gemnasium-db -
security-product-templates -
onboarding -
gitlab-depscan -
ci-templates -
license-management -
release -
go-ast-scanner-launcher - [-] benchmarks
-
Dependency Scanning -
binaries -
find-sec-bugs-launcher -
zaproxy -
advisories - [-] clair-scanner
Analyzers
-
sobelow -
spotbugs -
secrets -
tslint -
eslint -
gemnasium-fork -
gemnasium-maven -
gemnasium-python -
gemnasium -
retire.js -
bundler-audit -
find-sec-bugs-groovy -
gosec -
nodejs-scan -
security-code-scan -
find-sec-bugs-sbt -
phpcs-security-audit -
find-sec-bugs-gradle -
brakeman -
bandit -
flawfinder -
common -
go-ast-scanner -
find-sec-bugs
gemnasium
Skipped
demos
Skipped
tests
Skipped
Edited by Lucas Charles