The required reviewer rule for repository rulesets is now generally available, giving you granular control over who must approve changes to specific branches and files across your organization or enterprise.

What’s new since public preview

Since the public preview, we’ve added support for negation patterns using ! — just like .gitignore. You can now exclude specific files or folders from a review requirement, making it easier to define precise policies without overly broad rules.

With the required reviewer rule, you can:

  • Require a specific number of approvals from designated teams before merging into protected branches
  • Target specific files and folders using pattern matching, with ! negation to exclude paths
  • Scale review policies consistently across repositories, organizations, or your entire enterprise

How this differs from CODEOWNERS

While CODEOWNERS defines ownership, this rule focuses on policy enforcement. It makes it simple to require specific approvals on sensitive branches and critical code paths, all while scaling seamlessly across your enterprise.

For example, you can ensure that *.sql changes always have a review from your data platform team or that changes to authentication files and folders always have two reviews from your security team before they merge into your main branch.

The required reviewer rule augments CODEOWNERS files but doesn’t replace them. CODEOWNERS files remain the best way to manage ownership, support individuals as reviewers, and request reviews even when not required.

Learn more in our documentation about rulesets.

Join the discussion within GitHub Community.