
New Providers: GitLab/Hub API

Open mirisbowring opened this issue 1 year ago • 4 comments

New feature motivation

In corporate environments, Git and CI/CD are the de facto standard. GitLab and GitHub especially are the most used services. Often, there are specific compliance / governance rules that require e.g. multiple approvals for a feature request.

Solution Proposed

Having GitLab & GitHub available as providers would enable companies to check their projects' repositories for compliance issues.

Checks could be:

  • Are multiple approvals configured for default / protected branches?
  • Is the main branch protected?
  • Are scanners configured? (Password, SAST, etc.)
  • Are there fewer than e.g. 3 maintainers on the repo?

Describe alternatives you've considered

There are some commercial tools that alter the GitLab API.

An open-source example is e.g. scorecard.

Additional context

There are some details about CICD Security in general:

mirisbowring avatar Oct 17 '24 10:10 mirisbowring
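The branch-protection and maintainer-count checks proposed above, as an added example written for this thread (not prowler's own provider code): it evaluates payloads shaped like GitHub's REST responses for `GET /repos/{owner}/{repo}/branches/{branch}/protection` and `GET /repos/{owner}/{repo}/collaborators`, with the sample values constructed here. The thresholds (`min_approvals`, `max_maintainers`) are assumptions, not project settings.

```python
from dataclasses import dataclass

# Constructed sample shaped like the GitHub branch-protection response
# (field names are the real API ones; values are made up for this example).
BRANCH_PROTECTION = {
    "required_pull_request_reviews": {
        "required_approving_review_count": 1,
        "dismiss_stale_reviews": False,
        "require_code_owner_reviews": True,
    },
    "enforce_admins": {"enabled": False},
    "required_status_checks": {"strict": True, "contexts": ["sast"]},
}

# Constructed sample shaped like the collaborators response (role_name is real).
COLLABORATORS = [
    {"login": "alice", "role_name": "admin"},
    {"login": "bob", "role_name": "maintain"},
    {"login": "carol", "role_name": "write"},
    {"login": "dave", "role_name": "admin"},
]


@dataclass
class Finding:
    check_id: str
    status: str  # "PASS" or "FAIL"
    detail: str


def check_branch_protection(protection, min_approvals=2):
    """Evaluate one branch. GitHub answers 404 for an unprotected branch,
    so the caller passes None in that case."""
    findings = []
    if protection is None:
        findings.append(Finding("branch_protected", "FAIL", "no protection rules on branch"))
        return findings  # remaining checks are meaningless without protection
    findings.append(Finding("branch_protected", "PASS", "protection rules present"))
    reviews = protection.get("required_pull_request_reviews") or {}
    count = reviews.get("required_approving_review_count", 0)
    findings.append(Finding("min_approvals", "PASS" if count >= min_approvals else "FAIL",
                            f"{count} approval(s) required, want >= {min_approvals}"))
    admins = (protection.get("enforce_admins") or {}).get("enabled", False)
    findings.append(Finding("enforce_admins", "PASS" if admins else "FAIL",
                            f"rules apply to admins: {admins}"))
    return findings


def check_maintainer_count(collaborators, max_maintainers=3):
    """Flag repos where too many users hold admin/maintain rights."""
    privileged = sorted(c["login"] for c in collaborators if c.get("role_name") in ("admin", "maintain"))
    status = "PASS" if len(privileged) < max_maintainers else "FAIL"
    return Finding("maintainer_count", status, f"{len(privileged)} privileged users: {privileged}")
```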

#5430

pedrooot avatar Oct 18 '24 07:10 pedrooot

Hi @mirisbowring!

I wanted to inform you that the GitHub provider is currently under development and is already executable, so you can try it if you want.

You can see the progress here:

  • Provider: https://github.com/prowler-cloud/prowler/pull/5787
  • Documentation: https://github.com/prowler-cloud/prowler/pull/6116

Over the coming weeks, I will be adding more checks, aiming for a first release soon. Stay tuned! 🚀

HugoPBrito avatar Dec 11 '24 09:12 HugoPBrito

Ah, sounds amazing! Will test it during the Christmas days :D

mirisbowring avatar Dec 13 '24 08:12 mirisbowring

Hi again @mirisbowring,

We're happy to tell you that the GitHub provider has finally been merged. Feel free to take a look, try it, and even implement some custom checks that fulfill your needs!

HugoPBrito avatar May 16 '25 08:05 HugoPBrito