As a best practice, your source code should always be in a working state so that it can be made readily available in case of a disaster. The easiest way to maintain this is to use separate branches for source code modifications and to merge only valid changes into the master branch. The build and release process is also often set up on the master branch so that you can always deploy a release from working source code, which makes it even more important to protect your master branch from unwanted changes. In this blog post, we’ll discuss how to protect the master branch from unwanted changes in VSTS by making use of both permissions and code policies.
Making use of Permissions to adjust Security
A project can have multiple source code repositories for different parts of the project. Not every developer will be contributing to all of those repositories, so you may want to give specific developers access to specific source code repositories.
Create VSTS user Groups
In the default configuration, your developers will reside in the Contributors group of the project in VSTS. The first step is to create a group for each source code repository so that developers can be segregated easily. This can be done by going to your project in VSTS -> Settings -> Security -> Create Groups:

Let’s provide a name to the group and then click ‘Create Group’:

Once the group is created, it will appear in the right side panel. Click on the group name, select members from the right panel and then click Add to add users:

We can also choose to add other VSTS groups inside a group.
Set up branch/repository security
First, we need to turn off inheritance on the branch, because branch security is set up with inheritance. This can be done by going to your project within VSTS -> Settings -> Version Control -> Select repository:

We need to select Inheritance and then select Off. This can also be done at the branch level. We can then click Add and add the VSTS groups or users for that repository/branch.
With inheritance marked as off, we can also remove previously added groups using ‘remove groups’:

Again, the above steps can also be applied at the branch level.
Use Source code policies
VSTS also provides a facility to create source code policies very easily. You can apply source code policies to manage one or more of the points below:
- Protect the branch from deletion.
- Force code to be merged through pull requests only and prevent direct merges.
- Make sure that specific reviewers are always added to pull requests, and configure mandatory approvals from those reviewers.
- Configure builds before merge to make sure that the build passes before a pull request can be approved. Set a build expiration period.
- Enforce a merge strategy, etc.
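One way to check a branch against the pull request, reviewer, build and merge-strategy items in the list above is a small audit script. This is an added example, not VSTS's own tooling: the record layout (kind, branch, enabled, blocking, settings) is a simplified, assumed schema and the sample data is constructed.

```python
# Added example: audit a branch's policies against the checklist above.
# The record fields are an assumed, simplified schema, not a VSTS export format.
REQUIRED = {
    "minimum_reviewers": "pull requests with mandatory approvals",
    "required_reviewers": "specific reviewers always added",
    "build_validation": "build must pass before merge",
    "merge_strategy": "enforced merge strategy",
}

def audit_branch(policies, branch="refs/heads/master"):
    """Return sorted findings; an empty list means the checklist is met."""
    findings, active = [], {}
    for p in policies:
        if p.get("branch") != branch:
            continue  # a policy scoped to another branch protects nothing here
        kind = p.get("kind")
        if not p.get("enabled", False):
            findings.append(f"{kind}: policy exists but is disabled")
        elif not p.get("blocking", False):
            findings.append(f"{kind}: policy is optional, merges are not blocked")
        else:
            active[kind] = p
    for kind, why in REQUIRED.items():
        already_flagged = any(f.startswith(kind + ":") for f in findings)
        if kind not in active and not already_flagged:
            findings.append(f"{kind}: missing ({why})")
    reviewers = active.get("minimum_reviewers")
    if reviewers and reviewers.get("settings", {}).get("min_approvers", 0) < 1:
        findings.append("minimum_reviewers: approver count is below 1")
    build = active.get("build_validation")
    if build and build.get("settings", {}).get("expiration_hours") is None:
        findings.append("build_validation: no build expiration period set")
    return sorted(findings)

# Constructed sample: build validation is optional, and the required-reviewers
# policy was attached to a different branch by mistake.
SAMPLE = [
    {"kind": "minimum_reviewers", "branch": "refs/heads/master",
     "enabled": True, "blocking": True, "settings": {"min_approvers": 2}},
    {"kind": "build_validation", "branch": "refs/heads/master",
     "enabled": True, "blocking": False, "settings": {"expiration_hours": 12}},
    {"kind": "required_reviewers", "branch": "refs/heads/develop",
     "enabled": True, "blocking": True, "settings": {}},
    {"kind": "merge_strategy", "branch": "refs/heads/master",
     "enabled": True, "blocking": True, "settings": {"strategy": "squash"}},
]

if __name__ == "__main__":
    for finding in audit_branch(SAMPLE):
        print(finding)
```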
To create branch policies, we’ll need to go to the project within VSTS -> Settings -> Version Control -> Select repository -> Select branch and then select Branch Policy.
We can then select options on the new page that opens:

