bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.71k stars 1.07k forks

CKV2_GIT_1: "Ensure each Repository has branch protection associated" Failed even when repository has branch protection. #6403

Closed yaelvais closed 3 weeks ago

yaelvais commented 3 weeks ago

Hi,

When creating a github_repository resource, the check fails for:

Check: CKV2_GIT_1: "Ensure each Repository has branch protection associated"
	FAILED for resource: module.github.module.service_name.github_repository.repository[0]

Even though we do create a github_branch_protection_v3 resource with the repository.

Examples

We create the resources using modules:

module "service_name" {
  source = "./repository_mgmt"

  create_repository_enabled   = true
  repository_template         = local.template_repo_name
  repositories_generic_config = local.repositories_generic_config
  repository_name             = "service-name"
  default_branch_name         = local.development_branch_name
  additional_branches         = [
    local.development_branch_name
  ]
  additional_protected_branches = [
    local.main_branch_name
  ]
  required_status_checks = local.tested_services_required_status_checks
}

in repository_mgmt:

resource "github_branch_protection_v3" "protect_branches" {
  # One protection rule per branch in the module-local list
  for_each = toset(local.protected_branches_list)

  # The repository is identified by the name passed into the module
  repository = var.repository_name
  branch     = each.key
  required_pull_request_reviews {
    required_approving_review_count = var.approvals_number_for_merging_to_protected_branches
    dismiss_stale_reviews           = true
    require_code_owner_reviews      = var.require_code_owner_reviews
  }
  required_status_checks {
    # Module-wide required checks plus any the caller adds
    contexts = concat(local.generic_required_status_checks, var.required_status_checks)
  }

  # Branches must exist before protection can be applied to them
  depends_on = [
    github_branch.additional_branches,
    github_branch_default.default,
  ]
}

Version:
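As an added example (not the reporter's module and not code from the checkov project), here is a single-module layout in which the branch protection rule refers to the github_repository resource by expression rather than through a variable that merely holds the same name. It rests on one assumption, stated in the comments: that CKV2_GIT_1 is evaluated on checkov's resource graph, so the protection rule must carry a reference edge to the repository resource for the check to see the association. All variable names, default values and the review/status-check settings are mine.

```hcl
# Added example, not the issue reporter's module or checkov's own code.
# Assumption: CKV2_GIT_1 is evaluated on checkov's resource graph, so the
# github_branch_protection_v3 block must reference the github_repository
# resource directly (creating an edge), not just carry the same name as a
# string coming in through a variable.

terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

variable "repository_name" {
  type    = string
  default = "service-name" # constructed value
}

variable "protected_branches" {
  type    = set(string)
  default = ["main", "develop"] # constructed value
}

variable "required_status_checks" {
  type    = list(string)
  default = ["ci/build", "ci/test"] # constructed value
}

resource "github_repository" "repository" {
  count = 1 # mirrors the reporter's repository[0] addressing

  name       = var.repository_name
  visibility = "private"
}

# Under the assumption above this passes CKV2_GIT_1: `repository` is an
# expression that references github_repository.repository, so the graph
# gets an edge from the protection rule to the repository it protects.
resource "github_branch_protection_v3" "protect_branches" {
  for_each = var.protected_branches

  repository = github_repository.repository[0].name
  branch     = each.key

  required_pull_request_reviews {
    required_approving_review_count = 2
    dismiss_stale_reviews           = true
    require_code_owner_reviews      = true
  }

  required_status_checks {
    strict   = true
    contexts = var.required_status_checks
  }
}

# Contrast (reproduces the reported result under the same assumption):
#   repository = var.repository_name
# Both variants apply identically at `terraform apply`; only what the
# static analysis can connect differs.
```

To try it, place the file in an empty directory and run `checkov -d . --check CKV2_GIT_1`; flip the `repository` argument to `var.repository_name` and run again to compare. The newer github_branch_protection resource takes `repository_id = github_repository.repository[0].node_id` instead of a name, which is likewise a reference to the repository resource.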