📖 Update checks.md to show the benefit of >=2 reviewers #3013

Merged
11 changes: 8 additions & 3 deletions docs/checks.md
Expand Up @@ -73,11 +73,16 @@ result to meet most user needs.

Different types of branch protection protect against different risks:

- Require code review: requires at least one reviewer, which greatly
- Require code review:
- requires at least one reviewer, which greatly
reduces the risk that a compromised contributor can inject malicious code.
Review also increases the likelihood that an unintentional vulnerability in
a contribution will be detected and fixed before the change is accepted.

- requiring two or more reviewers protects even more from the insider risk
whereby a compromised contributor can be used by an attacker to LGTM
the attacker PR and inject a malicious code as if it was legitm.

- Prevent force push: prevents use of the `--force` command on public
branches, which overwrites code irrevocably. This protection prevents the
rewriting of public history without external notice.
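Review bot: the two new sub-bullets ("- requires at least one reviewer ..." and "- requiring two or more reviewers ...") are not indented under "- Require code review:", so Markdown will render them as sibling top-level items instead of children of that entry; indent them (and their continuation lines) by at least two spaces. The second sub-bullet also needs wording fixes: "legitm" should be "legitimate", "inject a malicious code" should be "inject malicious code", and "the attacker PR" should be "the attacker's PR"; "LGTM" used as a verb is jargon, so "approve" reads more clearly in user-facing docs.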
Expand Down Expand Up @@ -182,8 +187,8 @@ However, note that in those overlapping cases, Scorecard can only report what it
Risk: `High` (unintentional vulnerabilities or possible injection of malicious
code)

This check determines whether the project requires human code review before pull
requests (merge requests) are merged.
This check determines whether the project requires human code review
before pull requests (merge requests) are merged.

Reviews detect various unintentional problems, including vulnerabilities that
can be fixed immediately before they are merged, which improves the quality of
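Review bot: this hunk only re-wraps "This check determines whether the project requires human code review before pull requests (merge requests) are merged." across two lines with no change in wording; unless the re-wrap is required by a generator or line-length rule, dropping it keeps the diff focused on the reviewer-count change.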
7 changes: 6 additions & 1 deletion docs/checks/internal/checks.yaml
Expand Up @@ -162,11 +162,16 @@ checks:

Different types of branch protection protect against different risks:

- Require code review: requires at least one reviewer, which greatly
- Require code review:
- requires at least one reviewer, which greatly
reduces the risk that a compromised contributor can inject malicious code.
Review also increases the likelihood that an unintentional vulnerability in
a contribution will be detected and fixed before the change is accepted.

- requiring two or more reviewers protects even more from the insider risk
whereby a compromised contributor can be used by an attacker to LGTM
the attacker PR and inject a malicious code as if it was legitm.

- Prevent force push: prevents use of the `--force` command on public
branches, which overwrites code irrevocably. This protection prevents the
rewriting of public history without external notice.
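Review bot: same issues as the docs/checks.md copy of this text: the "- requires ..." and "- requiring two or more reviewers ..." sub-bullets are not indented under "- Require code review:", and the second one carries the typos "legitm" (legitimate), "a malicious code" (malicious code) and "the attacker PR" (the attacker's PR). This yaml and docs/checks.md carry identical text for the description, so apply the same fixes to both so they stay in sync.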