While effective code review is essential to every successful project, it’s not always clear who should review which files, even with GitHub’s reviewer suggestions. Now repository maintainers can define exactly which people and teams need to review which parts of a project using code owners. This new feature automatically requests reviews from the code owners whenever a pull request changes any file they own.
To specify code owners, create a file named CODEOWNERS in the repository’s root directory (or in .github/ if you prefer) with the following format:
This format may be familiar if you’ve used
With that in place, code owners will automatically be requested for review whenever a pull request touches the files they own.
For projects with more rigorous review processes, we’ve also added a new protected branch option to ensure the right people have a chance to review.
With that option enabled on a protected branch, a code owner of every owned file the pull request touches has to approve it before anyone can merge the pull request into that branch.
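The two behaviours above, automatic review requests and the protected-branch gate, both come down to the same question: for each file a pull request touches, which CODEOWNERS line applies? The following is an added example written for this page, not GitHub’s own implementation. It parses a small constructed CODEOWNERS file, resolves the owners of each changed file, and then reports which files still lack an approving owner, which is what the protected-branch option blocks on. The pattern matching is an approximation of gitignore-style rules (a leading `/` anchors to the repository root, `*` does not cross `/`, `**` does, a trailing `/` owns a whole subtree, and the last matching line wins); treat those semantics, the sample file, the changed-file list and the "any one owner’s approval satisfies a file" rule as assumptions of the example.

```python
"""Resolve CODEOWNERS entries for the files touched by a pull request.

Added example, not GitHub's code. Matching semantics are an assumption:
an approximation of gitignore-style patterns where the LAST matching
CODEOWNERS line wins for a given file.
"""
import re
from dataclasses import dataclass
from functools import lru_cache
from typing import Optional


@dataclass(frozen=True)
class Rule:
    pattern: str
    owners: tuple            # e.g. ("@org/app-team", "@security-reviewer")
    lineno: int              # line in CODEOWNERS, useful for error messages


def parse_codeowners(text: str) -> list:
    """Parse CODEOWNERS text: one '<pattern> <owner>...' per line, '#' comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pattern, *owners = line.split()
        rules.append(Rule(pattern, tuple(owners), lineno))
    return rules


@lru_cache(maxsize=None)
def pattern_to_regex(pattern: str):
    """Translate one CODEOWNERS pattern into a regex over a repo-relative path."""
    anchored = pattern.startswith("/") or "/" in pattern.strip("/")
    dir_only = pattern.endswith("/")
    body = pattern.strip("/")
    out, i = [], 0
    while i < len(body):
        if body.startswith("**/", i):
            out.append("(?:.*/)?"); i += 3          # zero or more directories
        elif body.startswith("**", i):
            out.append(".*"); i += 2                # anything, including '/'
        elif body[i] == "*":
            out.append("[^/]*"); i += 1             # anything within one path component
        elif body[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(body[i])); i += 1
    prefix = "" if anchored else "(?:.*/)?"         # unanchored: match at any depth
    # a trailing '/' or a bare name (no wildcard) owns the whole subtree beneath it
    suffix = "(?:/.*)?" if dir_only or not set(body) & set("*?") else ""
    return re.compile("^" + prefix + "".join(out) + suffix + "$")


def owners_for(path: str, rules: list) -> Optional[Rule]:
    """Return the last rule matching `path`; later lines take precedence."""
    winner = None
    for rule in rules:
        if pattern_to_regex(rule.pattern).match(path):
            winner = rule
    return winner


def required_reviewers(changed_files, rules) -> dict:
    """Map each owner to the changed files that cause them to be requested."""
    required = {}
    for path in changed_files:
        rule = owners_for(path, rules)
        if rule is None:
            continue                               # unowned file: nobody auto-requested
        for owner in rule.owners:
            required.setdefault(owner, set()).add(path)
    return required


def unapproved_files(changed_files, rules, approvals) -> list:
    """Files whose owners have not approved yet (what a protected branch blocks on).
    Assumption: approval from any one listed owner satisfies that file."""
    return [p for p in changed_files
            if (r := owners_for(p, rules)) is not None
            and not set(r.owners) & set(approvals)]


# Constructed sample CODEOWNERS, not taken from any real repository.
SAMPLE_CODEOWNERS = """\
# fallback owner for everything, overridden by later, more specific lines
*               @org/maintainers
*.js            @frontend-dev
/build/logs/    @release-eng
docs/*          @docs-team
/apps/          @org/app-team @security-reviewer
"""

# Constructed list of files a pull request touches.
SAMPLE_PR_FILES = [
    "src/index.js",
    "build/logs/2024.txt",
    "docs/getting-started.md",
    "docs/deep/nested.md",        # docs/* is one level only, so falls back to '*'
    "apps/web/server.js",         # '/apps/' comes after '*.js', so it wins
    "README.md",
]

if __name__ == "__main__":
    rules = parse_codeowners(SAMPLE_CODEOWNERS)
    for owner, files in sorted(required_reviewers(SAMPLE_PR_FILES, rules).items()):
        print(f"request review from {owner}: {sorted(files)}")
    approved = {"@frontend-dev", "@org/maintainers", "@security-reviewer"}
    print("still blocked:", unapproved_files(SAMPLE_PR_FILES, rules, approved))
```

Note that `docs/deep/nested.md` falls back to the catch-all `*` line because `docs/*` only matches one path component, while `apps/web/server.js` goes to the `/apps/` owners rather than `@frontend-dev` purely because the `/apps/` line comes later in the file. Ordering, not specificity, decides, so review the CODEOWNERS file itself carefully: a broad pattern added at the bottom silently takes ownership away from every earlier line.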
We hope this helps make your review process even more effective. Let us know if you have any feedback on code owners using our help form.
The code owners feature was inspired by Chromium’s use of