In this article
Branch Protection
Overview
The main branch for hve-core is protected to reduce the risk of unreviewed or unauthorized changes to workflow and release automation.
This page describes the security policy and rationale for branch protection. For contributor-facing configuration steps, required status checks, and OpenSSF Scorecard guidance, see Branch Protection Configuration.
Required Controls
The repository enforces the following main-branch protections:
- Require a pull request before merging
- Require review from a Code Owner before merging
- Dismiss stale approvals when new commits are pushed
- Disallow force-pushes to the branch
CODEOWNERS Coverage
The repository's CODEOWNERS file assigns ownership for repository configuration and workflow definitions under the .github/ path to the core team. That ownership is the review path that supports the branch protection requirement for Code Owner approval.
Rationale
These controls strengthen the repository's supply-chain posture by ensuring that changes to workflows, automation, and release logic are reviewed by the appropriate maintainers before they can merge.
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.