Skip to main content
Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Updating Default Branch

What is a default branch?

A default branch is the primary branch in your repository that serves as the base for pull requests and code scanning. By default, GitHub uses the main branch. When someone visits your repository on GitHub.com, they see the contents of the default branch.

How does the VA use default branches for code scanning?

The VA’s code scanning policy requires all repositories to have code scanning enabled for eligible languages. To enforce this, the VA has implemented automation using Required Workflows that perform automated checks on pull requests.

This automation is triggered when a pull request is opened. The VA GitHub organization uses an Organization Ruleset that:

  • Requires pull requests for all changes to the default branch
  • Enforces code scanning requirements on these pull requests
  • Targets the default branch of each repository

Which branch should I use as my default branch?

Your default branch should point to your latest deployable production branch. While this is typically the main branch, your repository may use a different convention.

If your CI/CD system has specific requirements that prevent updating your default branch, you have two options:

  1. For repositories requiring frequent default branch changes, see the Default Branch Management section of our exemption policy

  2. For repositories needing to target a different branch for code scanning, open a Request to Target Alternate Branch in CodeQL ticket. Our automation will create a custom ruleset for your repository that targets your specified branch.

How do I update my default branch?

To change your default branch:

  1. Open a GitHub User Request
  2. Select the appropriate issue template
  3. Specify which branch you want to set as the default
  4. The GitHub Admin team will review and implement the change

The GitHub Admin team handles all default branch changes to ensure compliance with VA security policies and to prevent disruption to automated scanning.

If you need to update your default branch frequently, consider using the Default Branch Management exemption policy.