Help Center
Go back to application
Help Center
Go back to application
Platform Terms GlossaryContacting Support and Reporting Bugs
Task Management
Task Management explained Creating Tasks Setting up Task NotificationsGiving permissions to team members
Organization
Working together in KertosInviting UsersCreating rolesAssigning System AccessCreating Departments and Assigning Users
Integrations
Discovery
Tasks
Device Management
Human Resource Information Systems
Inventory
Inventorization of vendorsInventorization of systemsInventorization of assetsEU AI Act: Inventorization of AI use cases
Risks
Managing risks
Trust Center
Setting up your trust center
Incidents
Reporting incidents
KAIA
KAIA explainedPrinciples of AI at Kertos
Interacting with KAIA
Compliance
Frameworks explainedManaging & implementing controlsCreating & managing policiesCompleting & assigning trainingsGuidanceDetermining Control Applicability
Privacy Management
Creating a RoPACreating TOMsCreating DPIAs
Data Subject Requests
API Reference
Ingress API Docs for DSRs Webhook API Docs for DSRs
Auto Checks
Auto Checks explainedAuto Checks: AWS Auto Checks: AzureAuto Checks: GCPAuto Checks: GitHubEnabling Auto Checks by Reconfiguring the Azure IntegrationEnabling Auto Checks by Reconfiguring the GCP IntegrationEnabling Auto Checks by Reconfiguring the AWS Integration
AWS Auto Checks Detailed Explanations
Azure Auto Checks Detailed Explanations
GitHub Auto Checks Detailed Explanations
Ensure secret scanning is enabled to detect sensitive dataEnsure code owner approval is required for owned code changesEnsure at least two approvals are required before merging codeEnsure branches are deleted automatically after mergingEnsure unresolved conversations block mergesEnsure force push is disabled for all branchesEnsure admins are subject to branch protection rulesEnsure a CODEOWNERS file exists in the repositoryEnsure inactive repositories are archivedEnsure all required status checks pass before mergingEnsure linear history is enforced on the default branchEnsure branch protection is enforced on the default branchEnsure the default branch cannot be deletedEnsure vulnerability scanning is enabled for repository dependenciesEnsure public repositories include a SECURITY.md fileEnsure all organization members have MFA enabledEnsure only signed commits are accepted

Ensure all required status checks pass before merging

Framework Reference: A.8.25 (Secure Development Lifecycle) Integration: GitHub – Branch Protection

Why this matters

Status checks validate that code changes meet quality, security, and compliance standards before they are merged.
These checks can include automated tests, linting, build verification, vulnerability scans, or CI/CD pipelines.

Requiring all status checks to pass before merging ensures that:

  • Only validated code enters protected branches
  • Security and quality gates are consistently enforced
  • Repositories comply with organizational review and testing policies

Without this control, developers could merge untested or failing code, introducing regressions or vulnerabilities into production.

What this check does

This check verifies that for each protected branch:

  • The “Require status checks to pass before merging” option is enabled.
  • All configured status checks (such as GitHub Actions workflows or third-party CI jobs) are required and passing.

If the branch protection rule does not enforce required status checks, or if some checks are optional, the Auto Check will fail or report “Unable to verify.”

How to fix it

From the GitHub Web Console

  1. Go to your repository on GitHub.
  2. Navigate to Settings → Branches.
  3. Under Branch protection rules, click Add rule or edit an existing one.
  4. In the Require status checks to pass before merging section, check Require status checks to pass before merging.
  5. Select the specific checks that must pass (e.g., build, test, lint, security scan).
  6. Optionally, enable Require branches to be up to date before merging to ensure the base branch is current.
  7. Click Save changes.

Once configured, pull requests cannot be merged until all required checks pass successfully.

Exceptions

  • Admins can override this restriction unless “Include administrators” is enabled.
  • Status checks must be triggered by a workflow (such as GitHub Actions) or third-party CI provider integrated with the repository.
  • If a check name changes (e.g., due to CI configuration updates), it must be reselected in the protection rule.

Further Resources

Was this article helpful?

Powered by Product Fruits