An unprotected main branch means anyone with write access can push straight to production β no review, no CI. We check branch protection per repo across your whole org.
Run a free domain scan All checks βWe read the branch protection rules on your default branches: do you require pull request review, green status checks, signed commits, linear history β and can admins bypass it all with a direct push?
Change management is a core control in SOC 2, ISO 27001 and NIS2. An unprotected branch is also the easiest path for a compromised developer key to slip backdoors into production unseen.
Do you clone our code?
For the branch-protection check: no β we only read repo settings via the GitHub API. Deeper repo scanning (secrets/dependencies) is a separate, optional step.
What access is needed?
A read token with repo and org read. We never write anything to your repos.
Do you cover GitHub Enterprise?
Yes, both github.com orgs and GitHub Enterprise Cloud.
Run a free scan or order a full Security Assessment β prioritised, not noise.
Run a free domain scan