[Vanta] Remediate "Application changes reviewed"

What's wrong?
Your version control system is not set up to require code reviews.

GitHub Repo
<ul>
<li><a href="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/Dintero/dintero-ios-native-example">dintero-ios-native-example (Dintero)</a></li>
</ul>

How to fix?
Set up protected branches in your version control tool account to make sure that changes are reviewed and approved.

1. Protect the default branch (or production branch, if it was explicitly specified during linking) in each <a href="https://help.github.com/articles/configuring-protected-branches/">GitHub</a>, <a href="https://confluence.atlassian.com/bitbucket/branch-permissions-385912271.html">Bitbucket</a>, <a href="https://docs.gitlab.com/ee/user/project/protected_branches.html">GitLab</a>, or <a href="https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies">Azure DevOps</a> repository, or <a href="https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-create-pull-request-approval-rule.html">AWS CodeCommit</a> repository. In most cases, the default branch is the `main` branch.
2. Set up required reviews
   - In GitHub, set up either a <a href="https://help.github.com/articles/enabling-required-reviews-for-pull-requests/">protection rule</a> or a <a href="https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository">ruleset</a>.
   - In Bitbucket, set up a <a href="https://confluence.atlassian.com/bitbucket/suggest-or-require-checks-before-a-merge-856691474.html">merge check for at least one approval</a>.
   - In GitLab, set up <a href="https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html">merge request approvals</a> or <a href="https://docs.gitlab.com/ee/user/project/protected_branches.html#protected-branches-approval-by-code-owners-premium">required approval by codeowners</a>. If requiring approval by codeowners, be sure to create <a href="https://gitlab.com/help/user/project/code_owners.md">a CODEOWNERS file for the repository.</a>
   - In Azure DevOps, set the <a href="https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops#require-a-minimum-number-of-reviewers">minimum number of reviewers</a> to be greater than 0, or greater than 1 if "Allow requesters to approve their own changes" is selected. You can also set up a policy to <a href="https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops#automatically-include-code-reviewers">automatically include code reviewers</a> on all pull requests with a group as a required reviewer and set the minimum number of reviewers to be a greater than 0, or greater than 1 if "Allow requesters to approve their own changes" is selected.
   - In AWS CodeCommit, create an approval rule that includes the default branch and set the <a href="https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-create-pull-request-approval-rule.html#how-to-create-pull-request-approval-rule-console">number of approvals needed</a> to be at least 1.



<i>This issue was automatically created from Vanta. <a href="https://app.eu.vanta.com/c/dintero/tests/code-review-application-config">View test in Vanta</a></i>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Vanta] Remediate "Application changes reviewed" #1

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Vanta] Remediate "Application changes reviewed" #1

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions