1.1.15 Ensure pushing or merging of new code is restricted to specific individuals or teams

ID

cis_sscs/pushing_restricted

Severity

critical

Category

source_code/code_changes

Levels

Optional

false

Tags

branch-protection, security, source-code, supply-chain

Description

Ensure that only trusted users can push or merge new code to protected branches.

Rationale

Requiring that only trusted users may push or merge new changes reduces the risk of unverified code, and especially malicious code, reaching a protected branch: the fewer accounts that can land a change without review, the fewer accounts an attacker has to compromise (or an insider has to hold) to do so. The restriction only works if it cannot be sidestepped, so force-push and policy-bypass rights count as push rights for the purpose of this control.

Verification

For each repository in use, review the protected-branch settings and confirm that only trusted and responsible users or teams can push directly to, or merge into, those branches. Treat any identity that can force push or bypass branch policies as having push access, even when a pull-request review requirement is in place.

Remediation

For each repository in use, restrict push and merge rights on protected branches to trusted and responsible users or teams.

For Azure DevOps, ensure the Force push (rewrite and destroy history), Bypass policies when pushing, and Bypass policies when completing pull requests permissions are set to Deny or Not set for all non-administrator users and groups on protected branches.
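The verification and remediation steps above can be scripted against the branch ACL. The following Python is an added example, not part of the benchmark or of any vendor tool: it evaluates a constructed access-control list shaped like the ACEs the Azure DevOps Security REST API returns for the "Git Repositories" namespace (a descriptor plus allow and deny bitmasks per identity), reports every non-administrator identity that is effectively allowed to force push or bypass policies, and produces the corrected ACEs. The permission bit values and the Deny-beats-Allow resolution rule are assumptions taken from Azure DevOps documentation for that namespace, not from the benchmark text; the descriptors and ACL are constructed sample data.

```python
"""Audit Azure DevOps branch permissions for CIS SSCS 1.1.15 (added example).

Not part of the benchmark or any vendor tool. Evaluates a constructed ACL
shaped like the Git Repositories security namespace ACEs (descriptor, allow
bitmask, deny bitmask) and flags non-administrators who can force push or
bypass policies on a protected branch.
"""
from typing import Dict, Iterable, List, Tuple

# Permission bits of the Azure DevOps "Git Repositories" security namespace.
# Assumption: values taken from Azure DevOps documentation, not from the page.
RESTRICTED_BITS: Dict[str, int] = {
    "Force push": 8,
    "Bypass policies when pushing": 128,
    "Bypass policies when completing pull requests": 32768,
}
RESTRICTED_MASK = 8 | 128 | 32768

# Constructed sample ACL for one protected branch (descriptors simplified).
SAMPLE_ACES: List[dict] = [
    {"descriptor": "group:Project Administrators", "allow": 4 | RESTRICTED_MASK, "deny": 0},
    {"descriptor": "group:Contributors", "allow": 4 | 8, "deny": 0},        # force push allowed: finding
    {"descriptor": "user:build-svc", "allow": 4 | 128, "deny": 0},         # bypass on push allowed: finding
    {"descriptor": "user:alice", "allow": 4 | 32768, "deny": 32768},       # explicit Deny wins: no finding
    {"descriptor": "group:Readers", "allow": 2, "deny": 0},                # read only: no finding
]
ADMINS = {"group:Project Administrators"}


def effective_state(allow: int, deny: int, bit: int) -> str:
    """Resolve one permission bit: an explicit Deny beats Allow; neither set is 'Not set'."""
    if deny & bit:
        return "Deny"
    if allow & bit:
        return "Allow"
    return "Not set"


def audit_branch_acl(aces: Iterable[dict], admins: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (descriptor, permission) pairs where a non-admin is effectively allowed a restricted bit."""
    admin_set = set(admins)
    findings: List[Tuple[str, str]] = []
    for ace in aces:
        if ace["descriptor"] in admin_set:
            continue
        for name, bit in RESTRICTED_BITS.items():
            if effective_state(ace["allow"], ace["deny"], bit) == "Allow":
                findings.append((ace["descriptor"], name))
    return findings


def remediate(ace: dict) -> dict:
    """Return a copy of the ACE with every restricted bit cleared from Allow and set in Deny."""
    return {
        "descriptor": ace["descriptor"],
        "allow": ace["allow"] & ~RESTRICTED_MASK,
        "deny": ace["deny"] | RESTRICTED_MASK,
    }


def remediate_all(aces: Iterable[dict], admins: Iterable[str]) -> List[dict]:
    """Apply remediate() to every non-administrator ACE and leave administrators untouched."""
    admin_set = set(admins)
    return [ace if ace["descriptor"] in admin_set else remediate(ace) for ace in aces]


if __name__ == "__main__":
    for descriptor, perm in audit_branch_acl(SAMPLE_ACES, ADMINS):
        print(f"FAIL {descriptor}: '{perm}' is Allow on the protected branch")
    fixed = remediate_all(SAMPLE_ACES, ADMINS)
    print("after remediation:", audit_branch_acl(fixed, ADMINS))
```

In a real audit the ACEs come from the Security REST API or `az devops security permission list` for the Git Repositories namespace, queried with the branch's security token (assumed here, from Azure DevOps documentation, to have the form `repoV2/{projectId}/{repoId}/refs/heads/{hex-encoded branch name}`). The remediation sets an explicit Deny rather than Not set because Not set falls back to whatever is inherited from the repository or project level, which may itself be Allow.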