Managing requests to bypass push protection

When delegated bypass for push protection is enabled, designated reviewers can approve or deny requests from contributors who want to push commits containing secrets.

This article explains how to review and manage bypass requests for repositories and organizations.

For more information about how bypass requests work, see Umgehen von Anforderungen für Pushschutz.

Managing requests for a repository

1. Navigieren Sie auf GitHub zur Hauptseite des Repositorys.

2. Klicken Sie unter dem Repositorynamen auf die Security Registerkarte. Wenn die Registerkarte " Security" nicht angezeigt wird, wählen Sie das Dropdownmenü aus, und klicken Sie dann auf Security.

3. Klicken Sie in der linken Randleiste unter „Anforderungen“ auf Push-Schutzumgehung.

4. Select the All statuses dropdown menu, then click Open to view requests that are awaiting review, and those that have been approved but for which the commits haven't been pushed to the repository yet.

5. Click the request that you want to review.

6. Review the details of the request.

7. Füge optional einen Rezensionskommentar hinzu. Der Kommentar wird der Zeitachse der Überprüfungsanforderung und der secret scanning-Warnungszeitachse hinzugefügt. Du kannst z. B. den Grund für die Genehmigung oder Ablehnung der Anforderung für Überwachungs- und Berichterstellungsgründe erläutern und die nächsten Schritte vorschlagen, die der Mitwirkende ausführen soll.

8. To allow the contributor to push the commit containing the secret, click Approve bypass request. Or, to require the contributor to remove the secret from the commit, click Deny bypass request.

Managing requests for an organization

Organization owners, security managers and organization members with the relevant fine-grained permission (via a custom role) can review and manage bypass requests for all repositories in the organization using security overview. See Prüfung von Anforderungen zum Umgehen des Push-Schutzes.

Filtering requests

You can filter requests by:

• Approver (member of the bypass list)
• Requester (contributor making the request)
• Timeframe
• Status

Filtering by status

The following statuses are assigned to a request:

Status	Description
Cancelled	The request has been canceled by the contributor.
Completed	The request has been approved and the commit(s) have been pushed to the repository.
Denied	The request has been reviewed and denied.
Expired	The request has expired. Requests are valid for 7 days.
Open	The request has either not yet been reviewed, or has been approved but the commit(s) have not been pushed to the repository.

Further reading

• Delegierte Umgehung für den Schutz von Push-Benachrichtigungen
• Enabling delegated bypass for push protection
• Prüfung von Anforderungen zum Umgehen des Push-Schutzes