diff --git a/.github/workflows/e2e_testing.yaml b/.github/workflows/e2e_testing.yaml
index 1c3f11f3..f5721f00 100644
--- a/.github/workflows/e2e_testing.yaml
+++ b/.github/workflows/e2e_testing.yaml
@@ -6,10 +6,14 @@ on:
   release:
     types: [ published ]
   pull_request:
+  pull_request_target:
+    types: [ labeled ]
 permissions:
   contents: read
+  pull-requests: write
 jobs:
   install_and_run_e2e_tests:
+    if: ${{ github.event.pull_request.head.repo.fork == false || (github.event.pull_request.head.repo.fork == true && contains(github.event.pull_request.labels.*.name,'Approve E2E Test')) }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -46,7 +50,14 @@ jobs:
             extra: --repo Legitify-E2E/bad_branch_protection
 
     steps:
-      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # ratchet:actions/checkout@v3
+      - name: Checkout non-fork
+        if: ${{ github.event.pull_request.head.repo.fork == false }}
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # ratchet:actions/checkout@v3
+      - name: Checkout fork
+        if: ${{ github.event.pull_request.head.repo.fork == true }}
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # ratchet:actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # ratchet:actions/setup-go@v3
         with:
           go-version: 1.19
@@ -83,3 +94,15 @@ jobs:
           SLACK_COLOR: ${{ job.status }}
           SLACK_MESSAGE: E2E Tests failed - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
           SLACK_TITLE: "Legitify periodic E2E test failed"
+
+  remove_e2e_label:
+    if: ${{ always() && (github.event.pull_request.head.repo.fork == true && contains(github.event.pull_request.labels.*.name,'Approve E2E Test')) }}
+    needs: install_and_run_e2e_tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Remove E2E Label
+        run: |
+          gh api --method DELETE -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" repos/${{ github.repository }}/issues/${{ github.event.number }}/labels/${{ 'Approve%20E2E%20Test' }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/.legitignore b/.legitignore
index 80f8e063..0b7be619 100644
--- a/.legitignore
+++ b/.legitignore
@@ -3,3 +3,5 @@ instance_8B699E54671FEE1FAC02B830C651450F
 instance_8326D270DF418129D65CC0F25077233E
 instance_5BB71F8938BAD8D688018A6F9505C44D
 instance_0A8CFE3A09E996BDA5D889138D351B7E
+instance_5C5D072C7F47D0E7F38048F9550E3EAA
+instance_E553D24593AB8E5DE68FC9469FEF895D
\ No newline at end of file
diff --git a/policies/github/repository.rego b/policies/github/repository.rego
index ebecfb03..41e4d2d1 100644
--- a/policies/github/repository.rego
+++ b/policies/github/repository.rego
@@ -31,8 +31,8 @@ repository_not_maintained := false {
 }
 # METADATA
 # scope: rule
-# title: Repository Should Have Fewer Than Three Admins
-# description: Repository admins are highly privileged and could create great damage if they are compromised. It is recommended to limit the number of Repository Admins to the minimum required (recommended maximum 3 admins).
+# title: Repository Should Have A Low Admin Count
+# description: Repository admins are highly privileged and could create great damage if they are compromised. It is recommended to limit the number of repository admins to the minimum required, and no more than 5% of the userbase (Up to 3 admins are always allowed).
 # custom:
 #   severity: LOW
 #   remediationSteps:
@@ -49,7 +49,10 @@ default repository_has_too_many_admins := true
 
 repository_has_too_many_admins := false {
 	admins := [admin | admin := input.collaborators[_]; admin.permissions.admin]
-	count(admins) <= 3
+	adminNum := count(admins)
+	userNum := count(input.collaborators)
+	maxAdmins := max([3, ceil(userNum * 0.05)])
+	adminNum <= maxAdmins
 }
 
 # METADATA
@@ -111,8 +114,8 @@ repository_webhook_doesnt_require_ssl[violated] := true {
 
 # METADATA
 # scope: rule
-# title: Forking Should Not Be Allowed for This Repository
-# description: Forking a repository can lead to loss of control and potential exposure of the source code. If you do not need forking, it is recommended to turn it off in the repository configuration. If needed, forking should be turned on by admins deliberately when opting to create a fork.
+# title: Forking Should Not Be Allowed for Private/Internal Repositories
+# description: Forking private or internal repositories can lead to unauthorized spread and potential exposure of sensitive source code. It is recommended to disable forking for private repositories in the repository or the organization configuration to maintain control over the source code. If forking is necessary, it should be enabled selectively by admins for specific collaboration needs on private repositories.
 # custom:
 #   remediationSteps:
 #     - 1. Make sure you have admin permissions
@@ -124,6 +127,10 @@ repository_webhook_doesnt_require_ssl[violated] := true {
 #   threat: Forked repositories cause more code and secret sprawl in the organization as forks are independent copies of the repository and need to be tracked separately, making it more difficult to keep track of sensitive assets and contain potential incidents.
 default forking_allowed_for_repository := true
 
+forking_allowed_for_repository := false {
+	input.repository.is_private == false
+}
+
 forking_allowed_for_repository := false {
 	input.repository.is_private == true
 	input.repository.allow_forking == false
@@ -735,4 +742,4 @@ default secret_scanning_not_enabled := true
 
 secret_scanning_not_enabled := false{
     input.security_and_analysis.secret_scanning.status == "enabled"
-}
\ No newline at end of file
+}
diff --git a/policies/gitlab/repository.rego b/policies/gitlab/repository.rego
index a5d61aaf..6b6aa5ab 100644
--- a/policies/gitlab/repository.rego
+++ b/policies/gitlab/repository.rego
@@ -26,8 +26,8 @@ project_not_maintained := false {
 
 # METADATA
 # scope: rule
-# title: Project Should Have Fewer Than Three Owners
-# description: Projects owners are highly privileged and could create great damage if they are compromised. It is recommended to limit the number of Project Owners to the minimum required (recommended maximum 3 admins).
+# title: Project Should Have A Low Owner Count
+# description: Projects owners are highly privileged and could create great damage if they are compromised. It is recommended to limit the number of Project Owners to the minimum required, and no more than 5% of the userbase (Up to 3 owners are always allowed).
 # custom:
 #   severity: LOW
 #   remediationSteps:
@@ -41,13 +41,16 @@ default project_has_too_many_admins := true
 
 project_has_too_many_admins := false {
 	admins := [admin | admin := input.members[_]; admin.access_level == 50]
-	count(admins) <= 3
+	adminNum := count(admins)
+	userNum := count(input.members)
+	maxAdmins := max([3, ceil(userNum * 0.05)])
+	adminNum <= maxAdmins
 }
 
 # METADATA
 # scope: rule
-# title: Forking Should Not Be Allowed
-# description: Forking a repository can lead to loss of control and potential exposure of source code. If you do not need forking, it is recommended to turn it off in the project's configuration. The option to fork should be enabled only by owners deliberately when opting to create a fork.
+# title: Forking Should Not Be Allowed for Private/Internal Projects
+# description: Forking a project (repository) can lead to loss of control and potential exposure of source code. If you do not need forking, it is recommended to turn it off in the project or group configuration. The option to fork should be enabled only by owners deliberately when opting to create a fork.
 # custom:
 #   remediationSteps:
 #     - 1. Make sure you have owner permissions
diff --git a/test/repository_test.go b/test/repository_test.go
index d9a6dda2..2c239349 100644
--- a/test/repository_test.go
+++ b/test/repository_test.go
@@ -403,11 +403,21 @@ func TestGitlabRepositoryTooManyAdmins(t *testing.T) {
 		}
 	}
 
-	tmpMember := &gitlab2.ProjectMember{
+	tmpAdminMember := &gitlab2.ProjectMember{
 		AccessLevel: 50,
 	}
-	trueCase := []*gitlab2.ProjectMember{tmpMember, tmpMember, tmpMember, tmpMember}
-	falseCase := []*gitlab2.ProjectMember{tmpMember, tmpMember}
+	tmpRegMember := &gitlab2.ProjectMember{
+		AccessLevel: 20,
+	}
+	trueCase := []*gitlab2.ProjectMember{tmpAdminMember, tmpAdminMember, tmpAdminMember, tmpAdminMember}
+	for i := 0; i < 10; i++ {
+		trueCase = append(trueCase, tmpRegMember)
+	}
+	falseCase := []*gitlab2.ProjectMember{tmpAdminMember, tmpAdminMember, tmpAdminMember, tmpAdminMember}
+	for i := 0; i < 57; i++ {
+		falseCase = append(falseCase, tmpRegMember)
+	}
+
 	options := map[bool][]*gitlab2.ProjectMember{
 		false: falseCase,
 		true:  trueCase,