rampart

Audit and enforce GitHub branch protection rules across repos

Go MIT
View on GitHub
0 Stars
0 Forks
0 Issues

Languages

Go 100%

Top Contributors

wdm0006 wdm0006 6 dependabot[bot] dependabot[bot] 3

Recent Releases

v0.3.0 v0.3.0 Feb 15, 2026 v0.2.0 v0.2.0 Feb 15, 2026 v0.1.0 v0.1.0 Feb 14, 2026

Project Info

Created
February 14, 2026
Last Updated
February 15, 2026
License
MIT
Default Branch
main

About This Project

Rampart audits and enforces GitHub branch protection rules consistently across repositories for users or organizations. Define your protection rules in YAML, then audit compliance or automatically fix non-compliant repos.

Features

  • Audit Mode: Check all repos against your defined protection rules
  • Apply Mode: Automatically fix non-compliant repositories
  • YAML Configuration: Define 11 distinct rule categories in a config file
  • Org-Wide or Single Repo: Target an entire organization or individual repositories
  • HTML Reports: Generate compliance reports
  • CI/CD Ready: Non-zero exit codes for pipeline integration
  • Dry-Run: Preview changes before applying them
  • Smart Filtering: Automatically excludes forks and archived projects

Installation

# Homebrew
brew install wdm0006/tap/rampart

# Or Go install
go install github.com/wdm0006/rampart@latest

Requires GitHub CLI (gh) installed and authenticated with admin access to managed repos.

Usage

# Audit all repos in an org
rampart audit --org my-org --config rampart.yaml

# Apply protections
rampart apply --org my-org --config rampart.yaml

# Dry-run first
rampart apply --org my-org --config rampart.yaml --dry-run

The config supports pull request requirements, approval thresholds, code owner enforcement, status check validation, and more. Use branch: default to target each repo’s actual default branch.