Stay organized with collections
Save and categorize content based on your preferences.
This page explains how to configure branch protection for
Secure Source Manager repositories.
Branch protection lets repository administrators set rules to control who can
make changes to branches, who needs to approve or review changes, and what
conditions must be met before an approved change can be merged into a branch.
To get the permissions that
you need to configure branch protection rules for a Secure Source Manager repository,
ask your administrator to grant you the
following IAM roles:
To create a new branch protection rule, do the following:
In the Secure Source Manager web interface, select the repository you
want to protect with a branch protection rule.
From the repository page, click Settings.
Click the Branch rule tab.
Click Add branch rule.
In the Branch rule ID field, enter a name for the branch rule.
Branch rule IDs are restricted to lower-case letters, numbers,
and hyphens. The first character must be a letter, and the last character
must be a letter or a number. Branch rule IDs have a 63 character
maximum.
In the Branch filter field, enter the name of the branch you want
the rule to apply to, or if you want the rule to apply to all branches,
enter .*. Full regular expression matching is not supported.
Enabled branch rule filters must be unique to their repository. Users can
have multiple disabled branch rule filters. For example, you can't have two
enabled branch rules in a single repository with the branch filter main.
When multiple rules are applicable for a branch, the branch rule with a
specific branch name as the branch filter will override the wildcard rule.
For example, a branch rule with branch filter main will override a
branch rule with the branch filter .*. Rules are not combined.
In the Branch protection rule details section, specify the
requirements for your branch rule from the following options:
Require a pull request before merging: if enabled, direct
commits to the branch will be blocked. A pull request must be opened
before merging into the protected branch.
Required number of reviewers: specify the number of
reviewers required to approve in order to merge the pull request.
Required number of approvers: specify the number of
approvers required to approve in order to merge the pull request.
Reviewers and approvers are users with specific IAM
roles. To learn which roles are required for reviewers and approvers,
see Branch protection overview.
Block merge on stale reviews and approvals: if enabled, a review
or approval is removed if new commits are pushed to the pull request
after the review or approval is granted.
Require conversation resolution before merging: if enabled,
all code comments and request change reviews must be resolved before
merging.
Require linear history: if enabled, pull requests that would create
a non-linear Git history can't be merged.
Require status checks: if enabled, the selected build status checks
must be successful before a pull request can be merged. You must
configure triggers in your triggers file before
you can select them as status checks for branch protection.
To save the branch rule, click Submit.
The Branch rules tab is displayed, with your new branch rule listed.
Modify a branch protection rule
To modify a branch protection rule, do the following:
In the Secure Source Manager web interface, select the repository with
the branch protection rule you want to modify.
From the repository page, click Settings.
Click the Branch rules tab.
Click the name of the branch rule you want to modify.
Edit the branch protection rule.
Click Update.
The branch protection rule is updated.
Delete a branch protection rule
To delete a branch protection rule, do the following:
In the Secure Source Manager web interface, select the repository that
you want to remove the branch rule from.
From the repository page, click Settings.
Click the Branch rule tab.
In the row of the rule you want to delete, click the Delete icon.
In the Remove branch rule confirmation screen, click Yes.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Configure branch protection\n\nThis page explains how to configure branch protection for\nSecure Source Manager repositories.\n\nBranch protection lets repository administrators set rules to control who can\nmake changes to branches, who needs to approve or review changes, and what\nconditions must be met before an approved change can be merged into a branch.\n\nFor more information about branch protection rules, see [Branch protection\noverview](/secure-source-manager/docs/branch-protection-overview).\n\nBefore you begin\n----------------\n\n1. [Create a Secure Source Manager instance](/secure-source-manager/docs/create-instance).\n2. [Create a Secure Source Manager repository](/secure-source-manager/docs/create-repository).\n\n### Required roles\n\n\nTo get the permissions that\nyou need to configure branch protection rules for a Secure Source Manager repository,\n\nask your administrator to grant you the\nfollowing IAM roles:\n\n- [Secure Source Manager Instance Accessor](/iam/docs/roles-permissions/securesourcemanager#securesourcemanager.instanceAccessor) (`roles/securesourcemanager.instanceAccessor`) on the Secure Source Manager instance\n- [Secure Source Manager Repository Admin](/iam/docs/roles-permissions/securesourcemanager#securesourcemanager.repoAdmin) (`roles/securesourcemanager.repoAdmin`) on the Secure Source Manager repository\n- To approve pull requests on protected branches in any repository in a Secure Source Manager instance:\n - [Secure Source Manager Repository Pull Request Approver](/iam/docs/roles-permissions/securesourcemanager#securesourcemanager.repoPullRequestApprover) (`roles/securesourcemanager.repoPullRequestApprover`) on the Google Cloud project for the instance\n - [Secure Source Manager Repository Writer](/iam/docs/roles-permissions/securesourcemanager#securesourcemanager.repoWriter) (`roles/securesourcemanager.repoWriter`) on the Google Cloud project for the instance\n- To approve pull requests on protected branches in a single repository:\n - [Secure Source Manager Repository Pull Request Approver](/iam/docs/roles-permissions/securesourcemanager#securesourcemanager.repoPullRequestApprover) (`roles/securesourcemanager.repoPullRequestApprover`) on the repository\n - [Secure Source Manager Repository Writer](/iam/docs/roles-permissions/securesourcemanager#securesourcemanager.repoWriter) (`roles/securesourcemanager.repoWriter`) on the repository\n\n \u003cbr /\u003e\n\n\nFor more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\nYou might also be able to get\nthe required permissions through [custom\nroles](/iam/docs/creating-custom-roles) or other [predefined\nroles](/iam/docs/roles-overview#predefined).\n\nFor information on granting Secure Source Manager roles,\nsee [Access control with IAM](/secure-source-manager/docs/access-control) and\n[Grant users instance access](/secure-source-manager/docs/grant-users-instance-access).\n\nCreate a branch protection rule\n-------------------------------\n\nTo create a new branch protection rule, do the following:\n\n1. In the Secure Source Manager web interface, select the repository you want to protect with a branch protection rule.\n2. From the repository page, click **Settings**.\n3. Click the **Branch rule** tab.\n4. Click **Add branch rule**.\n5. In the **Branch rule ID** field, enter a name for the branch rule.\n\n Branch rule IDs are restricted to lower-case letters, numbers,\n and hyphens. The first character must be a letter, and the last character\n must be a letter or a number. Branch rule IDs have a 63 character\n maximum.\n6. In the **Branch filter** field, enter the name of the branch you want\n the rule to apply to, or if you want the rule to apply to all branches,\n enter `.*`. Full regular expression matching is not supported.\n\n Enabled branch rule filters must be unique to their repository. Users can\n have multiple disabled branch rule filters. For example, you can't have two\n enabled branch rules in a single repository with the branch filter `main`.\n\n When multiple rules are applicable for a branch, the branch rule with a\n specific branch name as the branch filter will override the wildcard rule.\n For example, a branch rule with branch filter `main` will override a\n branch rule with the branch filter `.*`. Rules are not combined.\n7. In the **Branch protection rule details** section, specify the\n requirements for your branch rule from the following options:\n\n - **Require a pull request before merging**: if enabled, direct\n commits to the branch will be blocked. A pull request must be opened\n before merging into the protected branch.\n\n | **Note:** You can't apply this rule to all branches using `.*`, because that would prevent pushing directly to all branches, even new branches.\n - **Required number of reviewers**: specify the number of\n reviewers required to approve in order to merge the pull request.\n\n - **Required number of approvers**: specify the number of\n approvers required to approve in order to merge the pull request.\n\n Reviewers and approvers are users with specific IAM\n roles. To learn which roles are required for reviewers and approvers,\n see [Branch protection overview](/secure-source-manager/docs/branch-protection-overview).\n - **Block merge on stale reviews and approvals**: if enabled, a review\n or approval is removed if new commits are pushed to the pull request\n after the review or approval is granted.\n\n - **Require conversation resolution before merging**: if enabled,\n all code comments and request change reviews must be resolved before\n merging.\n\n - **Require linear history**: if enabled, pull requests that would create\n a non-linear Git history can't be merged.\n\n - **Require status checks** : if enabled, the selected build status checks\n must be successful before a pull request can be merged. You must\n configure triggers in your [triggers file](/secure-source-manager/docs/triggers-file-schema) before\n you can select them as status checks for branch protection.\n\n8. To save the branch rule, click **Submit**.\n\nThe Branch rules tab is displayed, with your new branch rule listed.\n\nModify a branch protection rule\n-------------------------------\n\nTo modify a branch protection rule, do the following:\n\n1. In the Secure Source Manager web interface, select the repository with the branch protection rule you want to modify.\n2. From the repository page, click **Settings**.\n3. Click the **Branch rules** tab.\n4. Click the name of the branch rule you want to modify.\n5. Edit the branch protection rule.\n6. Click **Update**.\n\nThe branch protection rule is updated.\n\nDelete a branch protection rule\n-------------------------------\n\nTo delete a branch protection rule, do the following:\n\n1. In the Secure Source Manager web interface, select the repository that you want to remove the branch rule from.\n2. From the repository page, click **Settings.**\n3. Click the **Branch rule** tab.\n4. In the row of the rule you want to delete, click the **Delete** icon.\n5. In the **Remove branch rule** confirmation screen, click **Yes**.\n\nThe branch protection rule is deleted.\n\nWhat's next\n-----------\n\n- Read the [Branch protection overview](/secure-source-manager/docs/branch-protection-overview).\n- Learn how to automate builds by following the steps in [Connect to Cloud Build](/secure-source-manager/docs/connect-cloud-build).\n- Learn how to [check the status of automated builds](/secure-source-manager/docs/create-triggers-file#build-status)."]]
icon.