Branch Protection & Dependabot Alerts

Secure your development pipeline by enforcing branch protection rules and enabling Dependabot alerts on GitHub to pass Sprinto's source control monitors.

Source control systems like GitHub and GitLab manage your organisation’s codebase, making them high-value targets for security breaches. Sprinto monitors whether branch protection rules and vulnerability scanning tools such as Dependabot are configured to ensure code integrity and reduce the risk of unreviewed or vulnerable code being introduced.

This article outlines how Sprinto evaluates these monitors, the platforms they apply to, and how to remediate failed checks.


What is Monitored

Sprinto checks for two key source control protections:

  1. Branch Protection Rules

    • Prevents direct commits to critical branches (e.g., main, production)

    • Requires pull request reviews before merging

    • Enforces status checks, signed commits, and linear history

  2. Vulnerability Scanning with Dependabot

    • Detects outdated or vulnerable dependencies

    • Automatically opens pull requests to resolve known issues


Supported Platforms

  Platform    Branch Protection                   Vulnerability Scanning
  GitHub      Supported                           Dependabot
  GitLab      Supported (via Protected Branches)  Not monitored
  Bitbucket   Supported (limited rules)           Not monitored


How to Configure Branch Protection (GitHub)

  1. Go to Repository Settings > Branches.

  2. Under Branch Protection Rules, click Add Rule.

  3. Define the branch pattern (e.g., main).

  4. Enable:

    • Require pull request reviews before merging

    • Require status checks to pass

    • Include administrators (optional)

    • Require signed commits (recommended)

  5. Save the rule.

Sprinto will automatically fetch branch protection configurations during the next sync.
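To show what a check of the settings from step 4 looks like in practice, here is an added Python example (not Sprinto's monitor code and not GitHub's) that evaluates a branch protection payload and reports which required rules are absent or disabled. It assumes the payload follows the shape of the GitHub REST "get branch protection" response (boolean rules reported as {"enabled": ...}, object rules simply absent when off); both sample payloads are constructed.

```python
"""Evaluate a GitHub branch protection payload against the rules this article
asks for.  Added example, not Sprinto's own monitor logic."""
import json

# Rules from step 4 that must be present.  "Include administrators" is optional
# in the article, so it is reported but not required.
REQUIRED = {
    "required_pull_request_reviews": "Require pull request reviews before merging",
    "required_status_checks": "Require status checks to pass",
    "required_signatures": "Require signed commits",
}


def missing_protections(protection: dict) -> list[str]:
    """Return the labels of required rules that are absent or disabled.

    Assumed payload shape: GET /repos/{owner}/{repo}/branches/{branch}/protection.
    A 404 from that endpoint means no rule exists at all; callers should treat
    that as an empty dict, which this function reports as everything missing.
    """
    missing = []
    for key, label in REQUIRED.items():
        value = protection.get(key)
        # Object-style rules (reviews, status checks) are absent when off;
        # boolean-style rules (signatures) carry an explicit "enabled" flag.
        if value is None or value.get("enabled") is False:
            missing.append(label)
    return missing


def evaluate(protection_json: str) -> dict:
    """Parse a protection payload and summarise pass/fail for the branch."""
    protection = json.loads(protection_json)
    missing = missing_protections(protection)
    admins = protection.get("enforce_admins", {}).get("enabled", False)
    return {"passes": not missing, "missing": missing, "admins_included": admins}


# Constructed sample: reviews are required, but status checks were never added
# and signed commits are switched off.
WEAK = json.dumps({
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "enforce_admins": {"enabled": False},
    "required_signatures": {"enabled": False},
})

# Constructed sample: the same branch after completing steps 1-5 above.
HARDENED = json.dumps({
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "required_status_checks": {"strict": True, "contexts": ["ci/build"]},
    "enforce_admins": {"enabled": True},
    "required_signatures": {"enabled": True},
})

if __name__ == "__main__":
    for name, payload in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, evaluate(payload))
```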


How to Enable Dependabot Alerts (GitHub)

  1. Go to Repository Settings > Code security and analysis.

  2. Enable the following:

    • Dependabot alerts

    • Dependabot security updates

    • Automated version updates (optional)

  3. Ensure the repository is either public or, if private, has the security settings above enabled for it.

  4. You can also configure a .github/dependabot.yml file to manage update frequency.


Remediating the Monitor in Sprinto

  • For GitHub:

    • Sprinto automatically checks your repo settings during integration.

    • If Dependabot or branch protection is missing, update the settings as above.

  • For GitLab and Bitbucket:

    • Ensure protected branches are defined.

    • For manual monitors, upload a screenshot of the branch protection config.

  • Click Mark as Resolved once updated.


Best Practices

  • Apply branch protection to all production and staging branches.

  • Use code owners to enforce domain-specific reviews.

  • Enable auto-merge for Dependabot PRs with passing checks.

  • Review and rotate access tokens and CI/CD secrets regularly.
