New Providers: GitLab/Hub API

[mirisbowring]

New feature motivation

In corporate environments, Git and CICD are defacto standard.
Especially GitLab and GitHub are the most used Services.
Often, there are specific compliance / governance rules that require e.g. multiple approvals for an feature request.

Solution Proposed

Having GitLab & GitHub available as providers, it would enable companies to check the projects repositories for compliance issues.

Checks could be:

• Are multiple approvals configured for default / protected branches?
• Is the main branch protected?
• Are scanners configured? (Password, SAST, etc.)
• Are there less then e.g. 3 Maintainers on the Repo?

Describe alternatives you've considered

There are some commercial tools that alter the gitlab api.

An OpenSource example is e.g. scorecard

Additional context

There are some details about CICD Security in general:

• OWASP
• CIS GitLab or GitHub Benchmarks

[pedrooot]

#5430

[HugoPBrito]

Hi @mirisbowring!

I wanted to inform you that the GitHub provider is currently under development and is already executable, so you can try it if you want.

You can see the progress here:

• Provider: feat(github): GitHub integration PoC #5787
• Documentation: feat: add GitHub provider documentation and CIS v1.0.0 compliance #6116

Over the coming weeks, I will be adding more checks, aiming for a first release soon. Stay tuned! 🚀

[mirisbowring]

Ah, sounds amazing!
Will test it during the christmas days :D