Drata

Drata now supports <a href="https://docs.github.com/en/enterprise-cloud@latest/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets" rel="nofollow noopener noreferrer" target="_blank">GitHub organizational rulesets</a> in our <a href="https://help.drata.com/en/articles/4663377-connecting-github-to-drata">GitHub integration for Version Control</a>. Follow these steps to enable the Drata Autopilot system access to your organizational rulesets and apply these rulesets to the Formal Code Review Process test.

Note: Due to recent GitHub updates, Drata can now access both organizational and repository rulesets with Read-only permissions, eliminating the need for elevated access. Organization and repository rulesets are supported. ​

To use GitHub rulesets, ensure your setup meets the following requirements:

Use a <a href="" rel="nofollow noopener noreferrer" target="_blank">GitHub Enterprise Cloud</a>, <a href="https://help.drata.com/en/articles/9265902-github-enterprise-server-connection">GitHub Enterprise Server</a>.

- Drata supports both organization and repository rulesets.

You must include ALL branches or the Default Branch. Default branches must be directly targeted, as paths are not supported.

One or more approvers must be specified.

Grant Administration Read permissions under Organization permissions.

- Use a <a href="" rel="nofollow noopener noreferrer" target="_blank">GitHub Enterprise Cloud</a>, <a href="https://help.drata.com/en/articles/9265902-github-enterprise-server-connection">GitHub Enterprise Server</a>.
 - Drata supports both organization and repository rulesets.
- You must include ALL branches or the Default Branch. Default branches must be directly targeted, as paths are not supported.
- One or more approvers must be specified.
- Grant Administration Read permissions under Organization permissions.

To grant Administration Read permissions under Organization permissions:

- You can access your organizations by selecting your user icon and then Your organization.


Select the Settings tab and then App settings.

Select Permissions &amp; events. On the Permissions page, expand the Organization permissions section and then select Read-only for Administration permission.

1. Log into Github as an Admin. 
2. Select your organization within Github. 
 - You can access your organizations by selecting your user icon and then Your organization.

3. Select the Settings tab and then App settings.

4. Select Permissions &amp; events. On the Permissions page, expand the Organization permissions section and then select Read-only for Administration permission.
 
 
5. Save your changes

Log in as an Admin in GitHub and select Your organizations.

Expand Repository and select Repository rulesets.

1. Log in as an Admin in GitHub and select Your organizations.

2. Select the relevant organization.
3. Navigate to Settings.

4. Expand Repository and select Repository rulesets.

Here, you can start to configure your rulesets. 

Select the New branch ruleset or select an existing ruleset to edit.

Set Enforcement Status to Active.

Choose Target repositories to be one of the following:

- All repositories
- Dynamic list by name
- Select repositories 
 - If selected, continue and add specific repositories.

___________________________________________________________

Note: Some configurations, such as Target: Dynamic list by property, are currently not supported.

Under Target branches, choose Include default branch or Include all branches.

- Note: Default branches must be directly targeted. Paths (such as <code>/not/supported/*/main</code>) are not supported.

- Require a pull request before merging.
- Specify Required approvals (must be 1 or more).

1. Select the New branch ruleset or select an existing ruleset to edit.
2. Enter a Ruleset Name.
3. Set Enforcement Status to Active.
4. Bypass list is optional.
5. Choose Target repositories to be one of the following:
 - All repositories
 - Dynamic list by name
 - Select repositories 
 - If selected, continue and add specific repositories.
 ___________________________________________________________
 Note: Some configurations, such as Target: Dynamic list by property, are currently not supported.
 ___________________________________________________________
6. Under Target branches, choose Include default branch or Include all branches.
 - Note: Default branches must be directly targeted. Paths (such as <code>/not/supported/*/main</code>) are not supported.

7. Configure Branch protections:
 - Require a pull request before merging.
 - Specify Required approvals (must be 1 or more).
8. Save changes.

If issues arise, use the JSON results from the Formal Code Review monitoring test to identify any failed repositories. Only repositories with failures are displayed; passing repositories will not appear in this list.

Prerequisite

Grant Administration Read permissions

Set up organizational rulesets in GitHub

Create a repository ruleset

Troubleshooting