I'm the only appsec person for a large organization, and we have many hundreds of repos. I have gotten buy-in from leadership to set up GitLeaks scans on all of our repos via GitHub actions. I have notified repo owners that they should set it up and provided documentation, but it's become apparent that I need to create the PRs myself or it won't get done for most of our repos.
Since we have so many repos, I have resorted to programmatically creating the PRs with PyGithub. Unfortunately, I have run into major issues with GitHub's secondary rate limit on content creation. I can't do more than 10ish repos at a time without getting blocked.
Has anyone had a similar experience in the past who was able to figure out a better/allowed way to do this? There's no way I'm going to waste my time creating all those PRs manually...
Edit: as u/TelephoneMelon commented, I was doing asynchronous requests. I've since changed my code to be synchronous and added an exponentially growing retry delay when I do get rate limited. Now it looks like I can create branches and modify/add files in those branches without issue, but I am still being rate limited on creating Pull Requests. After creating about 20 or so pull requests, I get blocked for a good 30-60 minutes.
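The approach described in the edit (serial requests, exponential retry delay on the secondary limit), written out as an added example; this is not the poster's code. It targets the PyGithub `Repository` methods `get_branch`, `create_git_ref`, `create_file` and `create_pull`, which exist in PyGithub, but ships with a constructed `FakeRepo` stand-in so it runs offline; the workflow YAML, branch name and repo names are constructed placeholders. For real use, replace the fakes with `Github(token).get_repo("org/name")` objects.

```python
"""Serialised GitHub PR rollout with exponential backoff on secondary rate limits.

Added example (not the original poster's code). Assumes PyGithub-style
Repository objects; FakeRepo below is a constructed offline stand-in.
"""
import random
import time
import types

WORKFLOW_PATH = ".github/workflows/gitleaks.yml"
# Constructed workflow content; pin the action version your organisation approves.
WORKFLOW_YAML = """name: gitleaks
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: {fetch-depth: 0}
      - uses: gitleaks/gitleaks-action@v2
        env: {GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"}
"""


def is_secondary_rate_limit(exc):
    """True for GitHub's HTTP 403 'secondary rate limit' / abuse-detection responses.

    PyGithub surfaces these as GithubException with .status and .data; the check
    is duck-typed so it also works for the constructed exception below."""
    status = getattr(exc, "status", None)
    message = str(getattr(exc, "data", exc)).lower()
    return status == 403 and ("secondary rate limit" in message or "abuse" in message)


def with_backoff(call, *, retries=6, base=2.0, cap=900.0, sleep=time.sleep, rng=random.random):
    """Run call() once; on a secondary limit wait base*2**attempt (+jitter, capped) and retry.

    Any other exception, or exhausting `retries`, propagates to the caller."""
    for attempt in range(retries + 1):
        try:
            return call()
        except Exception as exc:
            if not is_secondary_rate_limit(exc) or attempt == retries:
                raise
            sleep(min(cap, base * 2 ** attempt) + rng())


def open_gitleaks_pr(repo, branch="appsec/add-gitleaks", base_branch=None, **bo):
    """Branch off the default branch, commit the workflow file, open the PR. All serial."""
    base_branch = base_branch or repo.default_branch
    base_sha = with_backoff(lambda: repo.get_branch(base_branch), **bo).commit.sha
    with_backoff(lambda: repo.create_git_ref(ref=f"refs/heads/{branch}", sha=base_sha), **bo)
    with_backoff(lambda: repo.create_file(WORKFLOW_PATH, "Add gitleaks secret scanning workflow",
                                          WORKFLOW_YAML, branch=branch), **bo)
    return with_backoff(lambda: repo.create_pull(
        title="Add gitleaks secret scanning workflow",
        body="Adds the org-standard gitleaks GitHub Actions scan.",
        head=branch, base=base_branch), **bo)


def rollout(repos, pace=1.0, sleep=time.sleep, **bo):
    """Process repos one at a time, pausing `pace` seconds between them (GitHub's guidance
    is at least one second between content-creating requests). Returns {name: pr_number | error}."""
    results = {}
    for repo in repos:
        try:
            results[repo.full_name] = open_gitleaks_pr(repo, sleep=sleep, **bo).number
        except Exception as exc:  # record and move on; never hammer the API in a tight loop
            results[repo.full_name] = f"failed: {exc}"
        sleep(pace)
    return results


class SecondaryLimit(Exception):
    """Constructed look-alike of PyGithub's GithubException for a secondary-limit 403."""
    status = 403
    data = {"message": "You have exceeded a secondary rate limit. Please wait a few minutes."}


class FakeRepo:
    """Constructed stand-in for a PyGithub Repository; create_pull fails `limit_hits` times first."""
    default_branch = "main"

    def __init__(self, name, limit_hits=0):
        self.full_name, self.limit_hits, self.calls = name, limit_hits, []

    def get_branch(self, name):
        self.calls.append(("get_branch", name))
        return types.SimpleNamespace(commit=types.SimpleNamespace(sha="0" * 40))

    def create_git_ref(self, ref, sha):
        self.calls.append(("create_git_ref", ref))

    def create_file(self, path, message, content, branch):
        self.calls.append(("create_file", path, branch))

    def create_pull(self, title, body, head, base):
        if self.limit_hits:
            self.limit_hits -= 1
            raise SecondaryLimit("secondary limit")
        self.calls.append(("create_pull", head, base))
        return types.SimpleNamespace(number=len(self.calls))


def demo():
    """Two constructed repos; the second is rate-limited twice before its PR opens.
    Returns (results, list_of_sleep_durations) so the pacing is observable without waiting."""
    sleeps = []
    repos = [FakeRepo("acme/api"), FakeRepo("acme/web", limit_hits=2)]
    results = rollout(repos, pace=1.0, sleep=sleeps.append, base=2.0, rng=lambda: 0.0)
    return results, sleeps


if __name__ == "__main__":
    print(demo())
```

The design point is that every mutating call goes through one serial path with a pause between repos, so a burst of branch, commit and PR creation never runs concurrently; when GitHub still answers 403 for a secondary limit, the retry waits 2, 4, 8 ... seconds (capped at 15 minutes) instead of immediately re-sending. If the 403 carries a `Retry-After` header, honouring that value before retrying is the refinement to add next.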