How Top Open Source Projects Protect Their Code: Insights and Best Practices
The study analyzed how the 250 most-starred open-source projects on GitHub protect their source code, focusing on metrics such as Pull Requests (PRs), repository interactions, and quality outcomes. Branch Protection and CODEOWNERS were both found to improve PR review quality. The research also highlighted the need for better security of software supply chains, CI/CD pipelines, and DevOps toolchains. Key findings include that repositories with more contributors tend to use Branch Protection policies, while adoption of CODEOWNERS settings is currently low. Additionally, enabling Branch Protection generally increased the PR Review Quality Score, while introducing the CODEOWNERS setting had a mixed impact on mean TBI and interactions. The study suggests opportunities for dynamic approaches to code protection that can improve DevOps processes and enhance code quality.
Company: Arnica
Date published: Feb. 7, 2022
Author(s): Chris Abraham
Word count: 1237
Language: English
Hacker News points: 7