ASSOCIATED DRATA CONTROL
This test is part of the Production Code Changes Restricted control that ensures only authorized company personnel can push or make changes to production code.
WHAT TO DO IF A TEST FAILS
If Drata finds users, with merge access to the default branch of your version control system repositories, that are not authorized by the company in Drata the test will fail. With a failed test you will receive a list of unauthorized users that have merge access rights.
To remediate a failed test, you will need to review the users within your version control system and ensure that these are authorized within Drata to write to default branches. This can be done by either enabling the respective flag for the user within Drata, confirming that the user should have merge access to the default branch, or revoking the user's access in the version control system.
STEPS TO REMEDIATE
Log in to Drata as an Admin
Ensure that the appropriate IDP, Infrastructure, and Version Control providers are connected.
For Version Control accounts that have access to merge into the default branch, toggle the 'merge into default branch' flag in the 'Manage Version Control Accounts' page.