repomedic repomedic
Use this command to install repomedic:
winget install --id=repomedic.repomedic -e The Governance Auditor for GitHub Fleets
Loading...
README
RepoMedic
RepoMedic scans GitHub repositories and organizations to detect risky, missing, or inconsistent configuration.
It helps teams catch security gaps and configuration drift early, locally or in CI.
Install
Homebrew
brew install repomedic/tap/repomedic
Winget
winget install repomedic.repomedic
Usage
Scan a single repository:
repomedic scan --repos owner/name
Scan an entire GitHub organization:
repomedic scan --org my-org
Authenticate using the GitHub CLI (preferred):
gh auth login --scopes "repo admin:org"
Or using an environment variable:
export GITHUB_TOKEN=ghp_...
Example output
[PASS] repo-a: default-branch-protected
[FAIL] repo-a: codeowners-exists - CODEOWNERS file is missing
[PASS] repo-b: branch-protect-enforce-admins
Exit codes:
- 0: all checks passed
- 1: one or more checks failed
- 2: partial failure (error evaluating some rules)
- 3: fatal error
Rules
RepoMedic audits configuration state using deterministic rules:
- Branch Protection: Checks for PR reviews, status checks, push restrictions, and admin enforcement.
- Secret Scanning: Verifies enablement and availability.
- Repository Standards: Enforces descriptions, READMEs, and visibility settings.
- CODEOWNERS: Checks for the existence of ownership definitions.
- Merge Method Consistency: Ensures repositories follow a consistent merge policy.
License
Apache 2.0