Nota:
Delegated bypass for push protection is currently in beta and subject to change.
When delegated bypass for push protection is enabled, designated reviewers can approve or deny requests from contributors who want to push commits containing secrets.
This article explains how to review and manage bypass requests for repositories and organizations.
For more information about how bypass requests work, see About bypass requests for push protection.
Managing requests for a repository
-
On GitHub, navigate to the main page of the repository.
-
Under the repository name, click Security. If you cannot see the "Security" tab, select the dropdown menu, and then click Security.
-
In the left sidebar, under "Requests," click Push protection bypass.
-
Select the All statuses dropdown menu, then click Open to view requests that are awaiting review, and those that have been approved but for which the commits haven't been pushed to the repository yet.
-
Click the request that you want to review.
-
Review the details of the request.
-
To allow the contributor to push the commit containing the secret, click Approve bypass request. Or, to require the contributor to remove the secret from the commit, click Deny bypass request.
Filtering requests
You can filter requests by:
- Approver (member of the bypass list)
- Requester (contributor making the request)
- Timeframe
- Status
Filtering by status
The following statuses are assigned to a request:
| Status | Description |
|---|---|
Cancelled | The request has been canceled by the contributor. |
Completed | The request has been approved and the commit(s) have been pushed to the repository. |
Denied | The request has been reviewed and denied. |
Expired | The request has expired. Requests are valid for 7 days. |
Open | The request has either not yet been reviewed, or has been approved but the commit(s) have not been pushed to the repository. |