Skip to main content
FieldValue
CategoryCICD-SEC-1
PlatformGitLab CI
SeverityHIGH
Auto-fix

What the check does

Flags a protected default branch whose rule permits force pushes.

Why it matters

A force push rewrites history, erasing the record of what was actually reviewed and merged and enabling stealthy tampering. Disable ‘Allowed to force push’ on the default branch’s protected-branch rule. This is a GitLab project-settings check: it reads the project configuration over the GitLab API (CLI: --git at a GitLab host with --gitlab-token; the web app uses its connected GitLab token) and reports under the Repository configuration group. See the rules overview.