Module ghsec::checks::code_review_limits


The code_review_limits check ensures that the Code review limits in a repository use secure values.

By default, public GitHub repositories allow anyone to submit reviews that approve or request changes to a pull request. This means that anyone without any particularly privileged access could enable a pull request to be merged, as long as it was created by another user or tool, and set up for auto-merge in one way or another.

This check will print an error with a link which can be followed to enable Code review limits on the target repository, or globally for the account. Since apparently this “internal hackathon project” (see the announcement) got pushed to production without thinking about adding an API, there is no way to automate this without horrible hacks for now.
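Since the setting itself cannot be queried, the risk it guards against can still be detected after the fact. The following is an added example, not ghsec's own code: it flags pull requests that would auto-merge on approvals coming only from accounts without privileged access. The field names mirror the GitHub REST API (`author_association`, review `state`, `auto_merge`), and the records are constructed by hand.

```rust
// Added example, not part of ghsec: detect the scenario code review
// limits are meant to prevent. Records below are constructed samples.

#[derive(Debug, Clone)]
pub struct Review {
    /// GitHub's author_association: OWNER, MEMBER, COLLABORATOR, NONE, ...
    pub author_association: String,
    /// Review state: APPROVED, CHANGES_REQUESTED or COMMENTED.
    pub state: String,
}

#[derive(Debug, Clone)]
pub struct PullRequest {
    pub number: u64,
    pub auto_merge: bool,
    pub reviews: Vec<Review>,
}

/// Associations that imply privileged access to the repository.
pub fn is_privileged(association: &str) -> bool {
    matches!(association, "OWNER" | "MEMBER" | "COLLABORATOR")
}

/// Numbers of PRs set to auto-merge whose approvals all come from
/// accounts without privileged access.
pub fn risky_auto_merges(prs: &[PullRequest]) -> Vec<u64> {
    prs.iter()
        .filter(|pr| pr.auto_merge)
        .filter(|pr| {
            let approvals: Vec<&Review> =
                pr.reviews.iter().filter(|r| r.state == "APPROVED").collect();
            !approvals.is_empty()
                && approvals.iter().all(|r| !is_privileged(&r.author_association))
        })
        .map(|pr| pr.number)
        .collect()
}

fn review(association: &str, state: &str) -> Review {
    Review { author_association: association.into(), state: state.into() }
}

/// Constructed sample: #41 approved by a member; #42 approved only by an
/// outsider with auto-merge on; #43 the same but auto-merge off.
pub fn sample_prs() -> Vec<PullRequest> {
    vec![
        PullRequest { number: 41, auto_merge: true, reviews: vec![review("MEMBER", "APPROVED")] },
        PullRequest { number: 42, auto_merge: true, reviews: vec![review("NONE", "APPROVED")] },
        PullRequest { number: 43, auto_merge: false, reviews: vec![review("NONE", "APPROVED")] },
    ]
}
```

Running `risky_auto_merges(&sample_prs())` reports only PR #42; feeding it real review data from the API turns it into a periodic audit until the setting gets an endpoint.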

Sources

Structs