Repository Management Guidelines
Last modified on Tue 14 Oct 2025
The DevOps team is responsible for creating all new repositories and managing their permissions. This ensures consistency, security, and clear ownership across all projects.
Repository Ownership and Metadata
Every repository must include custom properties that define:
- Responsible Team – the name of the team or department maintaining the repository.
- Production – indicates whether the repository contains code used in production (true or false).
These properties must be set at repository creation and updated whenever ownership or usage changes.
Production Repository Rules
If the custom property Production is set to true, the following policies apply:
- Pull requests require a minimum of one approval before merging.
- Administrative accounts cannot bypass pull request rules.
- These restrictions are enforced to maintain production stability.
- Dependabot must be enabled to automatically monitor dependencies for vulnerabilities and outdated packages. All detected vulnerabilities must be addressed according to their severity, following these timelines: critical and high severity issues must be resolved within 30 days, medium severity issues within 60 days, and low severity issues within 90 days.
Rule Overrides
If an exception or temporary relaxation of these rules is required, please contact the DevOps team in the #devops-hotline Slack channel.