Enable branch protection

Enabling branch protection and making Socket a required GitHub check is crucial for maintaining the integrity and security of your codebase. This process ensures that no code can be merged into your protected branches without passing the Socket security checks, thereby enforcing rigorous security standards.

Steps to Enable Branch Protection

1. Navigate to Repository Settings:

   • Go to your GitHub repository.
   • Click on the Settings tab, located at the top of the repository page.

2. Access Branch Protection Rules:

   • In the left sidebar, click on Branches under the Code and automation section.
   • Scroll down to the Branch protection rules section and click on Add rule.

3. Create a Branch Protection Rule:

   • In the Branch name pattern field, specify the branch you want to protect (e.g., main, master, or develop).
   • Check the box for Require status checks to pass before merging.

4. Set Required Status Checks:

   • After checking Require status checks to pass before merging, a list of available status checks will appear.
   • Locate Socket Security: Pull Request Alerts in the list and check it. This will make the Socket check mandatory for merges.
   • Optionally, you can also select Require branches to be up to date before merging to ensure that the branch is up-to-date with the base branch before merging.

5. Save Changes:

   • Scroll down and click on Create or Save changes to apply the branch protection rule.

Example Configuration

Here is a typical configuration for protecting the main branch:

• Branch name pattern: main
• Protect matching branches: ✅ Checked
• Require pull request reviews before merging: ✅ Checked
• Require status checks to pass before merging: ✅ Checked
  • Status checks that are required:
    • Socket Security: Pull Request Alerts
• Require branches to be up to date before merging: ✅ Checked
• Include administrators: Optional, depending on whether you want admins to bypass these rules.

Additional Notes

• Socket Integration: Ensure that Socket is properly integrated with your GitHub repository. If you haven't already, install the Socket GitHub app from the GitHub Marketplace and configure it to monitor your repository.
• Managing Alerts: Regularly review and triage alerts generated by Socket to maintain the security of your codebase. Utilize Socket's features to block, warn, monitor, or ignore specific alerts based on their severity and relevance to your project.

Conclusion

By enabling branch protection and making Socket a required GitHub check, you enforce stringent security measures and maintain high standards for code quality and security. This setup helps in proactively identifying and mitigating security risks, thereby ensuring the integrity of your software development lifecycle. For more detailed guidance, refer to the Socket Documentation.