This version of GitHub Enterprise Server will be discontinued on 2026-03-17. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Enabling push protection for your repository

With push protection, secret scanning blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.

Who can use this feature?

Repository owners, organization owners, security managers, and users with the admin role

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  1. Under "Code security and analysis", find "GitHub Advanced Security."
  2. Under "Secret scanning", under "Push protection", click Enable.

Further reading