Use GitHub settings or automate it with a security tool
Manual checks are fine if you’ve got one lonely repo. But if you’re aiming for real GitHub security, you need to know which branches are protected, which aren’t, and what rules are being enforced across all your repos. That’s where Sola comes in. You can spin up a custom app with our AI co-pilot or grab the GitHub Security Posture App from the gallery. Either way, you’ll get instant answers without messing around with integrations or configs.

Best Practices for GitHub Branch Protection
GitHub branch protection rules are your front line of defense. At a minimum, you should enforce:
- Required pull request reviews before merging.
- Status checks to ensure tests pass.
- Push restrictions to prevent direct commits to protected branches.
- Required signed commits for auditability.
- No force pushes or deletions on main/release branches.
That’s your GitHub compliance starter pack right there. These settings block most of the stupid mistakes that turn into production incidents or security audits from hell. If you’re not enforcing these org-wide, you’re probably flying blind.
How to Check Branch Protection at Scale
For one-off checks, go to your repo on GitHub, then:
- Click Settings → Branches
- Under “Branch protection rules”, select the branch
- Review the applied settings (pull request reviews, status checks, etc.)
For multiple repos, the GitHub REST API (/repos/{owner}/{repo}/branches/{branch}/protection) is your friend. Or just skip the scripts and use Sola: build an app that shows protection status across all branches and repos, flags violations, and lets you take action without leaving your workspace.
With the GitHub Security Posture App, you can monitor protection status across all branches and repos, flag gaps, and even create alerts. Customize it however you like. Yes, even your weird branching strategy.
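If you do go the script route, here is an added example (not Sola's or GitHub's code) that checks responses from the REST endpoint above against the baseline list in the best-practices section. The repo names and sample responses are constructed, and None stands in for the 404 GitHub returns for an unprotected branch.

```python
# Added example: audit GitHub branch-protection JSON against the page's baseline.
# Input is the body of GET /repos/{owner}/{repo}/branches/{branch}/protection;
# None models the 404 "Branch not protected" response.

def _enabled(protection, key):
    """Read the {"enabled": bool} wrapper GitHub uses for toggle-style settings."""
    return bool((protection.get(key) or {}).get("enabled", False))

def audit_protection(protection):
    """Return the list of baseline rules this branch fails (empty list = compliant)."""
    if protection is None:
        return ["branch is not protected"]
    gaps = []
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        gaps.append("no required pull request review")
    checks = protection.get("required_status_checks") or {}
    if not (checks.get("contexts") or checks.get("checks")):
        gaps.append("no required status checks")
    if not protection.get("restrictions"):  # key is absent when anyone may push
        gaps.append("no push restrictions")
    if not _enabled(protection, "required_signatures"):
        gaps.append("signed commits not required")
    if _enabled(protection, "allow_force_pushes"):
        gaps.append("force pushes allowed")
    if _enabled(protection, "allow_deletions"):
        gaps.append("branch deletion allowed")
    return gaps

def audit_all(responses):
    """Map (repo, branch) -> gaps, keeping only branches that fail something."""
    return {k: g for k, v in responses.items() if (g := audit_protection(v))}

# Constructed sample responses (hypothetical org and repos), trimmed to audited fields.
SAMPLE = {
    ("example-org/api", "main"): {
        "required_pull_request_reviews": {"required_approving_review_count": 2},
        "required_status_checks": {"strict": True, "contexts": ["ci/test"]},
        "restrictions": {"users": [], "teams": [{"slug": "release"}], "apps": []},
        "required_signatures": {"enabled": True},
        "allow_force_pushes": {"enabled": False}, "allow_deletions": {"enabled": False},
    },
    ("example-org/web", "main"): {
        "required_pull_request_reviews": {"required_approving_review_count": 1},
        "required_signatures": {"enabled": False}, "allow_force_pushes": {"enabled": True},
        "allow_deletions": {"enabled": False},
    },
    ("example-org/tools", "main"): None,
}
```

Feed audit_all a dict built from real API responses (one authenticated GET per branch) to get the same report for your own repos.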