This repository has been archived on 2026-07-08. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
infospace-bench/infospaces/patterns-of-it-securita-architecture/artifacts/entities/pattern-protected-main-branch.md

1.1 KiB

Pattern: Protected Main Branch

Status: seed Readiness target: RL2 private beta Primary owners: product repos, NetKingdom Genesis family: Supply chain

Problem

Production code can be changed without review, tests, or traceable approval when the main branch is not protected.

Context

Use this pattern for repositories that produce production services, platform manifests, policy packages, documentation standards, or release artifacts.

Forces

  • Teams need fast iteration.
  • Production branches need review and checks.
  • Emergency fixes need traceable override.
  • Branch rules should match artifact criticality.

Solution

Protect main and release branches with review, required checks, signed or verified changes where useful, and explicit emergency override procedures.

Verification

  • Direct pushes to protected branches are blocked.
  • Required tests and reviews pass before merge.
  • Emergency overrides are logged and reviewed.
  • Release artifacts link back to protected branch commits.
  • GitOps with Guardrails.
  • SLSA Build Provenance.
  • SBOM-per-Release.
  • Supply-Chain Provenance.