Support GitHub Repository Rulesets in Prowler GitHub Checks #9530

@FallenAtticus

Description

Feature search

  • I have searched the existing issues and this feature has not been requested yet or is already in our Public Roadmap

Which component would this feature affect?

Prowler CLI/SDK

Related to specific cloud provider?

GitHub

New feature motivation

Hey everyone 👋

I’m currently reviewing the integration of GitHub checks in our organization using Prowler Cloud and noticed that the existing GitHub repository checks are still based on the legacy branch protection rules.

GitHub introduced repository rulesets a few months ago, and we’ve already migrated our repositories to use these new rules. As a result, the current Prowler checks are reporting many false positives, since they no longer reflect the actual protection settings applied via rulesets.

I also noticed that the Python package currently used for GitHub integration, github (https://pypi.org/project/github/#history), hasn’t had a release since mid-2022. It looks like repository rulesets are not available as models in that package, which might explain why they’re not yet supported in the checks.

Solution Proposed

It would be great if Prowler could:

  1. Add support for GitHub repository rulesets in the GitHub checks.
  2. Ensure that security checks consider both the legacy branch protection rules (for backward compatibility) and the new repository rulesets (to avoid false positives for orgs that have migrated).
  3. If necessary, update or replace the current GitHub Python client so that rulesets can be queried via the GitHub API, as it would ease further check development for GitHub.

Use case and benefits

  • Avoid large numbers of false positives for organizations using rulesets.
  • Keep Prowler’s GitHub checks aligned with GitHub’s current recommended configuration model.
  • Improve trust in the scanning results and reduce noise for security and platform teams.

Describe alternatives you've considered

Refactor and patch the existing GitHub Service so that it fetches the rules via the REST API and sets the attributes similar to the branch protection rules.

Additional context

No response
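The following is an added example, not Prowler's code and not from the issue author, of how a check can combine the two protection mechanisms the issue describes so that a branch protected only through a ruleset is not reported as unprotected. It works on the JSON shapes returned by GitHub's `GET /repos/{owner}/{repo}/branches/{branch}/protection` (legacy branch protection, `404` when absent, modelled here as `None`) and `GET /repos/{owner}/{repo}/rules/branches/{branch}` (the rules GitHub actually applies to a branch from repository and organization rulesets). The sample payloads are constructed, the HTTP calls are left to the caller, and the rule types evaluated are limited to deletion, force push, pull-request approvals and required signatures.

```python
# Added example (not Prowler's code): evaluate a branch's effective protection
# from both legacy branch protection and repository/organization rulesets.
from dataclasses import dataclass, field
from typing import Iterable, Optional


@dataclass
class EffectiveProtection:
    """What is actually enforced on a branch, whichever mechanism provides it."""
    deletion_blocked: bool = False
    force_push_blocked: bool = False
    required_approvals: int = 0
    signed_commits_required: bool = False
    sources: list = field(default_factory=list)  # "legacy" and/or "ruleset:<origin>/<id>"


def from_legacy_protection(protection: Optional[dict]) -> EffectiveProtection:
    """Map the branch protection payload to EffectiveProtection.

    `protection` is None when the API answered 404, i.e. the branch has no
    legacy protection at all (this is the case that produces the false positives).
    """
    status = EffectiveProtection()
    if not protection:
        return status
    status.sources.append("legacy")
    # Legacy model: deletions and force pushes are blocked unless explicitly allowed.
    status.deletion_blocked = not protection.get("allow_deletions", {}).get("enabled", False)
    status.force_push_blocked = not protection.get("allow_force_pushes", {}).get("enabled", False)
    reviews = protection.get("required_pull_request_reviews") or {}
    status.required_approvals = int(reviews.get("required_approving_review_count", 0))
    status.signed_commits_required = bool(protection.get("required_signatures", {}).get("enabled", False))
    return status


def from_effective_rules(rules: Iterable[dict]) -> EffectiveProtection:
    """Map the rules-for-branch payload (one dict per applied rule, each with a
    `type`, optional `parameters`, and the ruleset it came from) to EffectiveProtection."""
    status = EffectiveProtection()
    for rule in rules:
        rule_type = rule.get("type")
        params = rule.get("parameters") or {}
        source = f"ruleset:{rule.get('ruleset_source_type', '?')}/{rule.get('ruleset_id', '?')}"
        if rule_type == "deletion":
            status.deletion_blocked = True
        elif rule_type == "non_fast_forward":
            status.force_push_blocked = True
        elif rule_type == "required_signatures":
            status.signed_commits_required = True
        elif rule_type == "pull_request":
            status.required_approvals = max(
                status.required_approvals, int(params.get("required_approving_review_count", 0))
            )
        else:
            continue  # rule types this example does not evaluate
        if source not in status.sources:
            status.sources.append(source)
    return status


def merge(legacy: EffectiveProtection, ruleset: EffectiveProtection) -> EffectiveProtection:
    """GitHub enforces both mechanisms at once, so a restriction holds if either imposes it."""
    return EffectiveProtection(
        deletion_blocked=legacy.deletion_blocked or ruleset.deletion_blocked,
        force_push_blocked=legacy.force_push_blocked or ruleset.force_push_blocked,
        required_approvals=max(legacy.required_approvals, ruleset.required_approvals),
        signed_commits_required=legacy.signed_commits_required or ruleset.signed_commits_required,
        sources=legacy.sources + ruleset.sources,
    )


def check_branch(legacy_protection: Optional[dict], effective_rules: Iterable[dict],
                 min_approvals: int = 1) -> dict:
    """Return a PASS/FAIL verdict per control plus the sources that provided it."""
    status = merge(from_legacy_protection(legacy_protection), from_effective_rules(effective_rules))
    return {
        "deletion_protection": "PASS" if status.deletion_blocked else "FAIL",
        "force_push_protection": "PASS" if status.force_push_blocked else "FAIL",
        "required_approvals": "PASS" if status.required_approvals >= min_approvals else "FAIL",
        "signed_commits": "PASS" if status.signed_commits_required else "FAIL",
        "sources": status.sources,
    }


# Constructed sample: a repository migrated to rulesets, so the legacy
# protection endpoint returned 404 and only ruleset rules apply.
SAMPLE_LEGACY = None
SAMPLE_RULES = [
    {"type": "deletion", "ruleset_source_type": "Repository", "ruleset_id": 101},
    {"type": "non_fast_forward", "ruleset_source_type": "Repository", "ruleset_id": 101},
    {"type": "pull_request", "ruleset_source_type": "Organization", "ruleset_id": 7,
     "parameters": {"required_approving_review_count": 2, "dismiss_stale_reviews_on_push": True}},
]

if __name__ == "__main__":
    # A legacy-only check would report every control as FAIL for this branch.
    print(check_branch(SAMPLE_LEGACY, SAMPLE_RULES))
```

The `sources` field is what makes the result auditable: a reviewer can see whether a control is satisfied by legacy protection, by a repository ruleset, or by an organization ruleset, which also tells them where a fix belongs when a control fails.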
