Agent

Pull request review enforcement auto-remediation

The Pull request review enforcement agent keeps your repositories aligned with security best practices by ensuring that authors are not reviewers and that merges meet your required review rules. It can enforce repository settings at scale and flag or block configurations that allow self-approval.

What the agent does

For connected SCM platforms (for example GitHub or GitLab), the SecureSlate agent can:

  1. Audit repository settings (branch protection / merge request approvals).
  2. Detect self-approval risk (author can approve, or approvals count even when author is a reviewer).
  3. Enforce settings to require external reviewers and approvals.
  4. Validate enforcement by re-checking the repository configuration after changes.
  5. Create an exception ticket when a repo needs a documented policy exception.

Run auto-remediation

  1. Open the failing repository / code review test.
  2. Click "Auto Fix" on the "SecureSlate AI can fix this" card.
  3. Review the target repos, protected branches, and settings to be applied.

Review and approve

You can review:

  • Repos/branches impacted (for example main, release/*)
  • Proposed approval rules (minimum approvals, code owner review, required reviewer roles)
  • Blocked patterns (self-approval, bypass by admins, merge without pipeline)

Then choose:

  • Approve — The agent updates repo settings and records evidence.
  • Reject — Close without changes.

Common policies you can enforce

  • Require at least 1–2 approvals for protected branches
  • Disallow self-approval explicitly
  • Require CODEOWNERS review for sensitive paths (optional)
  • Require successful checks before merge (optional)
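
The audit step and the policies above can be expressed as checks over the settings the SCM APIs return. This is an added example, not SecureSlate's code: it assumes the public GitHub branch-protection and GitLab project-approvals response fields, treats GitHub's require_last_push_approval as the self-approval control there, and uses hypothetical finding labels and constructed sample data.

```python
# Added example, not SecureSlate's code. Field names come from the public
# GitHub and GitLab REST APIs; the finding labels are hypothetical.

def audit_github(protection, min_approvals=1, need_codeowners=False, need_checks=False):
    """Audit a GET /repos/{owner}/{repo}/branches/{branch}/protection body."""
    if not protection:  # the API returns 404 for an unprotected branch
        return ["unprotected_branch"]
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        findings.append("reviews_not_required")
    else:
        if reviews.get("required_approving_review_count", 0) < min_approvals:
            findings.append("too_few_approvals")
        # If unset, the author can push after approval and merge unreviewed commits.
        if not reviews.get("require_last_push_approval", False):
            findings.append("last_push_unreviewed")
        if need_codeowners and not reviews.get("require_code_owner_reviews", False):
            findings.append("codeowners_not_required")
    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        findings.append("admin_bypass")
    checks = protection.get("required_status_checks") or {}
    if need_checks and not (checks.get("contexts") or checks.get("checks")):
        findings.append("merge_without_checks")
    return findings

def audit_gitlab(approvals):
    """Audit a GET /projects/:id/approvals body for author self-approval."""
    return ["author_self_approval"] if approvals.get("merge_requests_author_approval") else []

# Constructed sample responses (not taken from real repositories).
WEAK = {
    "required_pull_request_reviews": {"required_approving_review_count": 0},
    "enforce_admins": {"enabled": False},
}
HARDENED = {
    "required_pull_request_reviews": {
        "required_approving_review_count": 2,
        "require_code_owner_reviews": True,
        "require_last_push_approval": True,
    },
    "enforce_admins": {"enabled": True},
    "required_status_checks": {"strict": True, "contexts": ["ci/build"]},
}

if __name__ == "__main__":
    print(audit_github(WEAK, need_codeowners=True, need_checks=True))
    print(audit_github(HARDENED, min_approvals=2, need_codeowners=True, need_checks=True))
```

Running the same function again after settings are changed gives the re-check described in the validation step: an empty list means the branch meets the chosen policy.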

Last updated: June 2, 2026
