Managing requests to bypass push protection

As a member of the bypass list for an organization or repository, you can review bypass requests from other members of the organization or repository.

¿Quién puede utilizar esta característica?

  • Propietarios de la organización
  • Administradores de seguridad
  • Usuarios en equipos, roles predeterminados o roles personalizados que se han agregado a la lista de omisión.
  • A los usuarios a los que se les asigna un rol personalizado con el permiso detallado "revisar y administrar solicitudes de omisión secret scanning".

En este artículo

When delegated bypass for push protection is enabled, designated reviewers can approve or deny requests from contributors who want to push commits containing secrets.

This article explains how to review and manage bypass requests for repositories and organizations.

For more information about how bypass requests work, see Solicitudes de omisión de la protección de inserción.

Managing requests for a repository

  1. En GitHub, navegue hasta la página principal del repositorio.

  2. En el nombre del repositorio, haga clic en la Security and quality pestaña . Si no puede ver la pestaña " Security and quality", seleccione el menú desplegable y, a continuación, haga clic en Security and quality.

  3. En la barra lateral izquierda, en "Solicitudes", haga clic en Omisión de protección de inserción.

  4. Select the All statuses dropdown menu, then click Open to view requests that are awaiting review, and those that have been approved but for which the commits haven't been pushed to the repository yet.

  5. Click the request that you want to review.

  6. Review the details of the request.

  7. Opcionalmente, agrega un comentario de revisión. El comentario se agregará a la escala de tiempo de la solicitud de revisión y la escala de tiempo de alerta de secret scanning. Por ejemplo, puede que quieras explicar el motivo de la aprobación o denegación de la solicitud de auditoría y de informes, y sugerir los pasos siguientes que tenga que seguir el colaborador.

  8. To allow the contributor to push the commit containing the secret, click Approve bypass request. Or, to require the contributor to remove the secret from the commit, click Deny bypass request.

Managing requests for an organization

Organization owners, security managers and organization members with the relevant fine-grained permission (via a custom role) can review and manage bypass requests for all repositories in the organization using security overview. See Revisión de solicitudes para omitir la protección de inserción.

Filtering requests

You can filter requests by:

  • Approver (member of the bypass list)
  • Requester (contributor making the request)
  • Timeframe
  • Status

Filtering by status

The following statuses are assigned to a request:

StatusDescription
CancelledThe request has been canceled by the contributor.
CompletedThe request has been approved and the commit(s) have been pushed to the repository.
DeniedThe request has been reviewed and denied.
ExpiredThe request has expired. Requests are valid for 7 days.
OpenThe request has either not yet been reviewed, or has been approved but the commit(s) have not been pushed to the repository.

Further reading