This repository has been archived on 2026-07-08. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
infospace-bench/infospaces/patterns-of-it-securita-architecture/artifacts/entities/pattern-protected-main-branch.md

45 lines
1.1 KiB
Markdown

# Pattern: Protected Main Branch
Status: seed
Readiness target: RL2 private beta
Primary owners: product repos, NetKingdom
Genesis family: Supply chain
## Problem
Production code can be changed without review, tests, or traceable
approval when the main branch is not protected.
## Context
Use this pattern for repositories that produce production services,
platform manifests, policy packages, documentation standards, or release
artifacts.
## Forces
- Teams need fast iteration.
- Production branches need review and checks.
- Emergency fixes need traceable override.
- Branch rules should match artifact criticality.
## Solution
Protect main and release branches with review, required checks, signed
or verified changes where useful, and explicit emergency override
procedures.
## Verification
- Direct pushes to protected branches are blocked.
- Required tests and reviews pass before merge.
- Emergency overrides are logged and reviewed.
- Release artifacts link back to protected branch commits.
## Related Patterns
- GitOps with Guardrails.
- SLSA Build Provenance.
- SBOM-per-Release.
- Supply-Chain Provenance.