Should this be more explicit about how force pushes are handled?
- id: OSPS-03
maturity_level: 1
category: Access Control
criteria: |
The project's version control system MUST
prevent unintentional direct commits against
the primary branch.
objective: |
Reduce the risk of accidental changes to the
primary branch of the project's repository,
ensuring that due diligence is done before
commits are merged.
implementation: |
Set branch protection on the primary branch
in the project's version control system
requiring changes to be made through
pull/merge requests or other review
mechanisms.
Should this be more explicit about how force pushes are handled?