Commit 40fe00f

docs: Adding callout for branch protection security improvements (#2798)
1 parent cad80d8 commit 40fe00f

2 files changed

+20
-0
lines changed

docs/2.0/docs/pipelines/installation/branch-protection.mdx

Lines changed: 10 additions & 0 deletions
@@ -34,6 +34,16 @@ Below is an example of the recommended branch protection settings:
3434
GitHub Enterprise customers can also configure [push rulesets](https://docs.github.com/en/enterprise-cloud@latest/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets#push-rulesets). This feature allows restricting edits to `.github/workflows` files, ensuring infrastructure changes are properly reviewed and approved through Pipelines. Follow the documentation [here](https://docs.github.com/en/enterprise-cloud@latest/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#creating-a-push-ruleset) to enable push rulesets if available.
3535
:::
3636

37+
## Securing User Accounts
38+
39+
Branch protection rules are only effective if you are confident that the users who have access to your repository are legitimate and trusted.
40+
41+
You can improve your security posture by ensuring that:
42+
43+
1. [User accounts have Multi-Factor Authentication (MFA) enabled](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication).
44+
2. [User accounts don't have compromised credentials](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure).
45+
3. [User accounts are granted access to infrastructure-live repositories on a least privilege basis](https://en.wikipedia.org/wiki/Principle_of_least_privilege).
46+
3747
## Pull Request Workflow
3848

3949
1. Developers make infrastructure changes on a branch and create a pull request (PR) against the default branch.
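Review bot: in the new "Securing User Accounts" list, item 2 ("User accounts don't have compromised credentials") is phrased as a condition rather than a step the reader can carry out, and its link lands on GitHub's general account-security index rather than a specific procedure; consider rewording it as an action (for example, reviewing the linked guidance and rotating any credential the account owner believes was exposed) so that each numbered item is something a reviewer can check. Item 3 links to the Wikipedia article on least privilege; linking to GitHub's documentation on repository roles and permissions would tell the reader where to actually apply the principle to the infrastructure-live repository.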

docs/2.0/docs/pipelines/installation/gitlab-branch-protection.md

Lines changed: 10 additions & 0 deletions
@@ -15,6 +15,16 @@ Below is an example of the recommended GitLab branch protection settings:
1515

1616
![GitLab Branch Protection Settings](/img/pipelines/gitlab_branch_protection.png)
1717

18+
## Securing User Accounts
19+
20+
Branch protection rules are only effective if you are confident that the users who have access to your repository are legitimate and trusted.
21+
22+
You can improve your security posture by ensuring that:
23+
24+
1. [User accounts have Multi-Factor Authentication (MFA) enabled](https://docs.gitlab.com/user/profile/account/two_factor_authentication/).
25+
2. [User accounts don't have compromised credentials](https://docs.gitlab.com/auth/auth_practices/).
26+
3. [User accounts are granted access to infrastructure-live repositories on a least privilege basis](https://en.wikipedia.org/wiki/Principle_of_least_privilege).
27+
1828
## Merge Request Workflow
1929

2030
1. Developers make infrastructure changes on a branch and create a merge request (MR) against the default branch.
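Review bot: this hunk repeats the "Securing User Accounts" section from branch-protection.mdx word for word with only the link targets changed, so the two copies will drift unless they are deliberately kept in sync; consider a shared include, or at least a comment in each file pointing at the other. Also, the item 2 link (https://docs.gitlab.com/auth/auth_practices/) appears to target GitLab's instance-level authentication practices rather than user-facing guidance on handling compromised credentials, which does not match the per-user wording of the list item; a link to GitLab's user account security documentation would fit better.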
