Branch protection overview

This page describes branch protection in Secure Source Manager for administrators.

To learn how to set up branch protection, follow the instructions in Configure branch protection.

Branch protection prevents users from accidentally or maliciously pushing bad code to an important branch. Repository administrators can configure branch protection to block code submission to specific branches based on the following criteria.

Require a pull request before merging

When enabled, a pull request must be created and approved by a configurable number of reviewers and approvers to merge into protected branches.

Reviewers and approvers are configured using IAM roles.

Reviewers
Must have at least the Secure Source Manager Repository Writer role (roles/securesourcemanager.repoWriter) on the protected repository.
Approvers
Must have either the Repository Admin role (roles/securesourcemanager.repoAdmin) or both the Repository Writer role (roles/securesourcemanager.repoWriter) and the Repository Pull Request Approver role (roles/securesourcemanager.repoPullRequestApprover) on the protected repository.

Users with the Repository Admin role or the Repository Writer role who also have the Repository Pull Request Approver role count as both an approver and reviewer when they approve a pull request.
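The role rules above can be checked against a repository's IAM policy to see who can actually satisfy a reviewer or approver requirement. The following Python sketch is an added example, not code from Secure Source Manager; it assumes the policy is available in the standard IAM JSON layout (`bindings` with `role` and `members`), considers only the bindings it is given (no inherited roles or group expansion), and uses a constructed sample policy and hypothetical function names.

```python
import json

WRITER = "roles/securesourcemanager.repoWriter"
ADMIN = "roles/securesourcemanager.repoAdmin"
PR_APPROVER = "roles/securesourcemanager.repoPullRequestApprover"

# Constructed sample policy (not from a real repository).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/securesourcemanager.repoAdmin", "members": ["user:alice@example.com"]},
  {"role": "roles/securesourcemanager.repoWriter", "members": ["user:bob@example.com", "user:carol@example.com"]},
  {"role": "roles/securesourcemanager.repoPullRequestApprover", "members": ["user:carol@example.com", "user:dave@example.com"]}
]}
""")

def roles_by_member(policy):
    # Invert the bindings list into {member: {roles}}.
    out = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            out.setdefault(member, set()).add(binding["role"])
    return out

def classify(policy):
    # Approver: Repository Admin, or Writer plus Pull Request Approver.
    # Reviewer: at least Writer; anyone who qualifies as approver counts as both.
    result = {}
    for member, roles in roles_by_member(policy).items():
        approver = ADMIN in roles or {WRITER, PR_APPROVER} <= roles
        reviewer = approver or WRITER in roles
        result[member] = {"reviewer": reviewer, "approver": approver}
    return result

def merge_allowed(policy, approved_by, min_reviewers, min_approvers):
    # Model of the page's rule (an assumption, not the product's own logic):
    # one approval from an approver counts toward both thresholds.
    caps = classify(policy)
    none = {"reviewer": False, "approver": False}
    voters = set(approved_by)  # count each principal once
    reviewers = sum(caps.get(m, none)["reviewer"] for m in voters)
    approvers = sum(caps.get(m, none)["approver"] for m in voters)
    return reviewers >= min_reviewers and approvers >= min_approvers

if __name__ == "__main__":
    for member, caps in sorted(classify(SAMPLE_POLICY).items()):
        print(member, caps)
```

In the sample, the principal holding only the Pull Request Approver role qualifies as neither reviewer nor approver, which is the binding to look for when auditing who can unblock merges.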

Block merge on stale reviews

When enabled, commits added to a pull request after a review or approval has been granted will block the merge. New reviews and approvals must be granted before the pull request can be merged into the protected branch.

Enabled by default in all branch protection rules.

Require review comments to be resolved before merging

When enabled, all comments and requests for changes on the pull request must be resolved before it can be merged into the protected branch.

Require linear history

When enabled, pull requests that would introduce merge commits are blocked.

Maintaining a linear Git history has many benefits, including making it simpler to understand what each commit does.

Require status checks

When enabled, you can require a successful build status for triggers defined in your triggers file before a pull request can be merged into a protected branch.
