set-code-scanning-merge-protection.md

title: Set code scanning merge protection
shortTitle: Set merge protection
intro: You can use rulesets to set {% data variables.product.prodname_code_scanning %} merge protection for pull requests.
permissions: {% data reusables.permissions.security-org-enable %}
product: {% data reusables.gated-features.code-scanning %}
versions: feature: code-scanning-merge-protection-rulesets
type: how_to
topics: Code scanning, CodeQL

About using rulesets for {% data variables.product.prodname_code_scanning %} merge protection

Note

  • Merge protection with rulesets is not related to status checks. For more information about status checks, see AUTOTITLE.
  • Merge protection with rulesets will not apply to merge queue groups or {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup.

You can use rulesets to prevent pull requests from being merged when one of the following conditions is met:

{% data reusables.code-scanning.merge-protection-rulesets-conditions %}

Typically you should use rulesets to target long-lived feature branches, where you would like to guarantee that code has been analyzed before pull requests can be merged.

Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. For more information about how to enable code scanning, see AUTOTITLE.

For more information about {% data variables.product.prodname_code_scanning %} alerts, see AUTOTITLE.

You can set merge protection with rulesets at the repository {% ifversion ghec or ghes %}or organization levels{% else %}level{% endif %}, and for repositories configured with either default setup or advanced setup. You can also use the REST API to set merge protection with rulesets.

For more information about rulesets, see AUTOTITLE.

Creating a merge protection ruleset for a repository

{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.repo-rulesets-settings %}

  1. Click New ruleset.
  2. To create a ruleset targeting branches, click New branch ruleset. {% data reusables.repositories.rulesets-general-step %} {% data reusables.repositories.rulesets-require-code-scanning-results %}

For more information about managing rulesets in a repository, see AUTOTITLE.

{% ifversion ghec or ghes %}

Creating a merge protection ruleset for all repositories in an organization

{% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.access-ruleset-settings %}

  1. Click New ruleset.
  2. To create a ruleset targeting branches, click New branch ruleset. {% data reusables.repositories.rulesets-general-step %} {% data reusables.repositories.rulesets-require-code-scanning-results %}

For more information about managing rulesets for repositories in an organization, see AUTOTITLE.

{% endif %}

Creating a merge protection ruleset with the REST API

You can use the REST API to create a ruleset with the code_scanning rule, which allows you to define specific tools and set alert thresholds. For more information, see AUTOTITLE.
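
The request body such a call would send, together with a check for settings that weaken the protection, as an added Python example (not code from GitHub's documentation). Field names and threshold values follow GitHub's REST API reference for repository rulesets rather than this page; the ruleset name and the sample tool entry are constructed.

```python
import json

# Threshold values accepted by the code_scanning rule (per GitHub's REST API reference).
SECURITY_THRESHOLDS = {"none", "critical", "high_or_higher", "medium_or_higher", "all"}
ALERT_THRESHOLDS = {"none", "errors", "errors_and_warnings", "all"}


def build_ruleset(name, branches, tools):
    """Build the JSON body for POST /repos/{owner}/{repo}/rulesets."""
    for tool in tools:
        if tool["security_alerts_threshold"] not in SECURITY_THRESHOLDS:
            raise ValueError(f"bad security_alerts_threshold for {tool['tool']}")
        if tool["alerts_threshold"] not in ALERT_THRESHOLDS:
            raise ValueError(f"bad alerts_threshold for {tool['tool']}")
    return {
        "name": name,
        "target": "branch",
        "enforcement": "active",
        "conditions": {"ref_name": {"include": branches, "exclude": []}},
        "rules": [{"type": "code_scanning",
                   "parameters": {"code_scanning_tools": tools}}],
    }


def audit_ruleset(ruleset):
    """List settings in a ruleset object that weaken merge protection."""
    findings = []
    if ruleset.get("enforcement") != "active":
        findings.append("ruleset is not actively enforced")
    if ruleset.get("bypass_actors"):
        findings.append("bypass actors are configured")
    tools = [t for rule in ruleset.get("rules", []) if rule.get("type") == "code_scanning"
             for t in rule.get("parameters", {}).get("code_scanning_tools", [])]
    if not tools:
        findings.append("no code_scanning rule")
    for t in tools:
        if t.get("security_alerts_threshold") == "none" and t.get("alerts_threshold") == "none":
            findings.append(f"{t.get('tool')}: no alert severity blocks merging")
    return findings


if __name__ == "__main__":
    # Constructed sample: require CodeQL results on the default branch.
    codeql = {"tool": "CodeQL", "security_alerts_threshold": "high_or_higher",
              "alerts_threshold": "errors"}
    body = build_ruleset("require-code-scanning", ["~DEFAULT_BRANCH"], [codeql])
    print(json.dumps(body, indent=2))
    print(audit_ruleset(body))
```

`audit_ruleset` can also be run over ruleset objects fetched from the API to confirm that an existing ruleset is still enforced and has no bypass actors.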