PR & Branch Configuration
This guide explains how to configure branch protection rules and policies to block pull requests when the Flyingduck security check fails.
Overview
When a Flyingduck scan completes on a pull request, it reports its status as a check on that pull request. By making that check required in a branch protection rule, you can automatically block merging if the Flyingduck scan finds security issues.
Select the provider
GitHub Branch Protection Rules
Prerequisites
- Admin or Owner access to your repository or organization
- Flyingduck GitHub App installed and integrated with your GitHub account
- GitHub integration completed with Cloud App mode in Flyingduck
- PR scan enabled for your repository in the Flyingduck portal
If your GitHub account does not have an eligible paid plan, these protections are typically enforceable only on public repositories. To enforce them on private repositories and at the organization level, use a GitHub plan that supports those features.
Step-by-Step Configuration
1. Navigate to Branch Protection Settings
Go to your repository on GitHub:
- Click Settings
- In the left sidebar, click Branches
- Click Add rule
2. Specify the Branch Pattern
In the Branch name pattern field, enter the branch you want to protect, such as main.
3. Configure Branch Rule Settings
In the Branch protection rules or Branch rules section:
- Enable Require status checks to pass before merging
- Keep Do not require status checks on creation unchecked
4. Add Flyingduck as a Required Check
After enabling status checks, search for and select Flyingduck flyingduck-scanner.
The check name appears as "Flyingduck flyingduck-scanner" whether it passes, fails, or times out. Once configured, GitHub will block PR merging until this check completes successfully.
5. Save the Rule
Click Create or Save to apply the branch rule.
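To confirm the saved rule actually enforces the gate, the following added example (not Flyingduck's own code) audits a branch protection object in the shape returned by GitHub's REST endpoint `GET /repos/{owner}/{repo}/branches/{branch}/protection`. The two JSON samples are constructed, the app ID is a placeholder, and matching on the string `flyingduck-scanner` assumes the API context contains the check name shown on this page.

```python
import json

CHECK_NAME = "flyingduck-scanner"  # check name from this page; assumed to appear in the API context

# Constructed sample: a rule that looks protected but never requires the scanner.
SAMPLE_WEAK = json.loads("""
{
  "required_status_checks": {
    "contexts": ["build"],
    "checks": [{"context": "build", "app_id": null}]
  },
  "enforce_admins": {"enabled": false}
}
""")

# Constructed sample: scanner required, pinned to an app (placeholder ID), admins included.
SAMPLE_GOOD = json.loads("""
{
  "required_status_checks": {
    "contexts": ["flyingduck-scanner"],
    "checks": [{"context": "flyingduck-scanner", "app_id": 123456}]
  },
  "enforce_admins": {"enabled": true}
}
""")


def audit_protection(protection, check_name=CHECK_NAME):
    """Return a list of findings; an empty list means the merge gate is enforced."""
    rsc = protection.get("required_status_checks")
    if not rsc:
        return ["required status checks are not enabled"]
    findings = []
    # Prefer the newer "checks" array; fall back to the legacy "contexts" list.
    checks = rsc.get("checks") or [
        {"context": c, "app_id": None} for c in rsc.get("contexts", [])
    ]
    matched = [c for c in checks if check_name in c.get("context", "").lower()]
    if not matched:
        findings.append(f"'{check_name}' is not a required check")
    elif any(c.get("app_id") is None for c in matched):
        # A null app_id means any status source using this name can satisfy the rule.
        findings.append(f"'{check_name}' is not pinned to a GitHub App")
    if not (protection.get("enforce_admins") or {}).get("enabled"):
        findings.append("administrators can bypass the rule")
    return findings
```

Feed it the parsed JSON for each protected branch and treat any non-empty result as a configuration gap to fix in the branch rule.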
Flyingduck Check Results
When a PR is submitted with code changes, Flyingduck scans the code automatically and reports the status:
✅ Success - PR can be merged
- Check shows:
Flyingduck flyingduck-scanner - No Issues Found
❌ Failed - PR is blocked from merging
- Check shows:
Flyingduck flyingduck-scanner with failure status - PR is blocked
⏱️ Timed out - PR is blocked from merging
- Check shows:
Flyingduck flyingduck-scanner with timeout status - PR is blocked
GitHub Troubleshooting
Issue: "Flyingduck flyingduck-scanner" check not showing in required status checks list.
Solution:
- Ensure the Flyingduck GitHub App is installed on the repository
- Run a test PR to trigger a scan
- The check will appear after the first scan completes
- Refresh the page if needed