Enterprise Server 3.21 は、現在リリース候補として使用できます。

REST API はバージョン化されました。 詳細については、「API のバージョン管理について」を参照してください。

プッシュ保護バイパス要求用の REST API エンドポイント

REST API を使って、シークレット スキャン用のプッシュ保護バイパス要求を管理します。

List bypass requests for secret scanning for an enterprise

List requests to bypass secret scanning push protection in an enterprise.

Delegated bypass must be enabled on repositories in the enterprise and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "List bypass requests for secret scanning for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

"List bypass requests for secret scanning for an enterprise" のパラメーター

ヘッダー
accept string

Setting to application/vnd.github+json is recommended.

パスパラメーター
enterprise string 必須

The slug version of the enterprise name.

クエリ パラメーター
organization_name string

The name of the organization to filter on.

reviewer string

Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.

requester string

Filter bypass requests by the handle of the GitHub user who requested the bypass.

time_period string

The time period to filter by.

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for rule suites that occurred in the past 7 days (168 hours).

デフォルト: day

次のいずれかにできます: hour, day, week, month

request_status string

The status of the bypass request to filter on. When specified, only requests with this status will be returned.

デフォルト: all

次のいずれかにできます: completed, cancelled, approved, expired, deleted, denied, open, all

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

デフォルト: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

デフォルト: 1

HTTP response status codes for "List bypass requests for secret scanning for an enterprise"

Status code説明
200

OK

404

Resource not found

500

Internal Error

Code samples for "List bypass requests for secret scanning for an enterprise"

Request example

get/enterprises/{enterprise}/bypass-requests/secret-scanning
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/bypass-requests/secret-scanning

Response

Status: 200
[ { "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "secret_scanning", "data": [ { "secret_type": "adafruit_io_key", "bypass_reason": "used_in_tests", "path": "/tests/README.md:16:0", "branch": "refs/heads/main" } ], "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132", "status": "denied", "requester_comment": "Test token used in the readme as an example", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/bypass-requests/secret-scanning/1", "html_url": "https://github.com/octo-org/smile/exemptions/1" }, { "id": 12, "number": 24, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "secret_scanning", "data": [ { "secret_type": "adafruit_io_key", "bypass_reason": "fix_later", "path": "README.md:17:0", "branch": "refs/heads/my-branch" } ], "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555", "status": "denied", "requester_comment": "Token is already revoked, I'll remove it later", "expires_at": "2024-07-08T07:43:03Z", "created_at": "2024-07-01T07:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/bypass-requests/secret-scanning/2", "html_url": "https://github.com/octo-org/smile/exemptions/2" } ]

List bypass requests for secret scanning for an org

List requests to bypass secret scanning push protection in an org.

Delegated bypass must be enabled on repositories in the org and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "List bypass requests for secret scanning for an org"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Secret scanning alerts" repository permissions (read) and "Organization bypass requests for secret scanning" organization permissions (read)

"List bypass requests for secret scanning for an org" のパラメーター

ヘッダー
accept string

Setting to application/vnd.github+json is recommended.

パスパラメーター
org string 必須

The organization name. The name is not case sensitive.

クエリ パラメーター
repository_name string

The name of the repository to filter on.

reviewer string

Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.

requester string

Filter bypass requests by the handle of the GitHub user who requested the bypass.

time_period string

The time period to filter by.

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for rule suites that occurred in the past 7 days (168 hours).

デフォルト: day

次のいずれかにできます: hour, day, week, month

request_status string

The status of the bypass request to filter on. When specified, only requests with this status will be returned.

デフォルト: all

次のいずれかにできます: completed, cancelled, approved, expired, deleted, denied, open, all

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

デフォルト: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

デフォルト: 1

HTTP response status codes for "List bypass requests for secret scanning for an org"

Status code説明
200

OK

404

Resource not found

500

Internal Error

Code samples for "List bypass requests for secret scanning for an org"

Request example

get/orgs/{org}/bypass-requests/secret-scanning
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ http(s)://HOSTNAME/api/v3/orgs/ORG/bypass-requests/secret-scanning

Response

Status: 200
[ { "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "secret_scanning", "data": [ { "secret_type": "adafruit_io_key", "bypass_reason": "used_in_tests", "path": "/tests/README.md:16:0", "branch": "refs/heads/main" } ], "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132", "status": "denied", "requester_comment": "Test token used in the readme as an example", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/bypass-requests/secret-scanning/1", "html_url": "https://github.com/octo-org/smile/exemptions/1" }, { "id": 12, "number": 24, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "secret_scanning", "data": [ { "secret_type": "adafruit_io_key", "bypass_reason": "fix_later", "path": "README.md:17:0", "branch": "refs/heads/my-branch" } ], "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555", "status": "denied", "requester_comment": "Token is already revoked, I'll remove it later", "expires_at": "2024-07-08T07:43:03Z", "created_at": "2024-07-01T07:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/bypass-requests/secret-scanning/2", "html_url": "https://github.com/octo-org/smile/exemptions/2" } ]

List bypass requests for secret scanning for a repository

Lists requests to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "List bypass requests for secret scanning for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have at least one of the following permission sets:

  • "Secret scanning alerts" repository permissions (read) and "Organization bypass requests for secret scanning" organization permissions (read)
  • "Secret scanning alerts" repository permissions (read) and "Secret scanning push protection bypass requests" repository permissions (read)

"List bypass requests for secret scanning for a repository" のパラメーター

ヘッダー
accept string

Setting to application/vnd.github+json is recommended.

パスパラメーター
owner string 必須

The account owner of the repository. The name is not case sensitive.

repo string 必須

The name of the repository without the .git extension. The name is not case sensitive.

クエリ パラメーター
reviewer string

Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.

requester string

Filter bypass requests by the handle of the GitHub user who requested the bypass.

time_period string

The time period to filter by.

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for rule suites that occurred in the past 7 days (168 hours).

デフォルト: day

次のいずれかにできます: hour, day, week, month

request_status string

The status of the bypass request to filter on. When specified, only requests with this status will be returned.

デフォルト: all

次のいずれかにできます: completed, cancelled, approved, expired, deleted, denied, open, all

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

デフォルト: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

デフォルト: 1

HTTP response status codes for "List bypass requests for secret scanning for a repository"

Status code説明
200

A list of the bypass requests.

403

Forbidden

404

Resource not found

500

Internal Error

Code samples for "List bypass requests for secret scanning for a repository"

Request example

get/repos/{owner}/{repo}/bypass-requests/secret-scanning
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/bypass-requests/secret-scanning

A list of the bypass requests.

Status: 200
[ { "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "secret_scanning", "data": [ { "secret_type": "adafruit_io_key", "bypass_reason": "used_in_tests", "path": "/tests/README.md:16:0", "branch": "refs/heads/main" } ], "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132", "status": "denied", "requester_comment": "Test token used in the readme as an example", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/bypass-requests/secret-scanning/1", "html_url": "https://github.com/octo-org/smile/exemptions/1" }, { "id": 12, "number": 24, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "secret_scanning", "data": [ { "secret_type": "adafruit_io_key", "bypass_reason": "fix_later", "path": "README.md:17:0", "branch": "refs/heads/my-branch" } ], "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555", "status": "denied", "requester_comment": "Token is already revoked, I'll remove it later", "expires_at": "2024-07-08T07:43:03Z", "created_at": "2024-07-01T07:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/bypass-requests/secret-scanning/2", "html_url": "https://github.com/octo-org/smile/exemptions/2" } ]

Get a bypass request for secret scanning

Gets a specific request to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "Get a bypass request for secret scanning"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Secret scanning alerts" repository permissions (read) and "Organization bypass requests for secret scanning" organization permissions (read)

"Get a bypass request for secret scanning" のパラメーター

ヘッダー
accept string

Setting to application/vnd.github+json is recommended.

パスパラメーター
owner string 必須

The account owner of the repository. The name is not case sensitive.

repo string 必須

The name of the repository without the .git extension. The name is not case sensitive.

bypass_request_number integer 必須

The number that identifies the bypass request in a repository.

HTTP response status codes for "Get a bypass request for secret scanning"

Status code説明
200

A single bypass request.

403

Forbidden

404

Resource not found

500

Internal Error

Code samples for "Get a bypass request for secret scanning"

Request example

get/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/bypass-requests/secret-scanning/BYPASS_REQUEST_NUMBER

A single bypass request.

Status: 200
{ "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "secret_scanning", "data": [ { "secret_type": "adafruit_io_key", "bypass_reason": "used_in_tests", "path": "/tests/README.md:16:0", "branch": "refs/heads/main" } ], "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132", "status": "denied", "requester_comment": "Test token used in the readme as an example", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/bypass-requests/secret-scanning/1", "html_url": "https://github.com/octo-org/smile/exemptions/1" }

Review a bypass request for secret scanning

Approve or deny a request to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "Review a bypass request for secret scanning"

This endpoint works with the following fine-grained token types:

The fine-grained token must have at least one of the following permission sets:

  • "Secret scanning alerts" repository permissions (read) and "Organization bypass requests for secret scanning" organization permissions (write)
  • "Secret scanning alerts" repository permissions (read) and "Secret scanning push protection bypass requests" repository permissions (write)

"Review a bypass request for secret scanning" のパラメーター

ヘッダー
accept string

Setting to application/vnd.github+json is recommended.

パスパラメーター
owner string 必須

The account owner of the repository. The name is not case sensitive.

repo string 必須

The name of the repository without the .git extension. The name is not case sensitive.

bypass_request_number integer 必須

The number that identifies the bypass request in a repository.

ボディパラメータ
status string 必須

The review action to perform on the bypass request.

次のいずれかにできます: approve, reject

message string 必須

A message to include with the review. Has a maximum character length of 2048.

HTTP response status codes for "Review a bypass request for secret scanning"

Status code説明
200

The review of the bypass request.

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

500

Internal Error

Code samples for "Review a bypass request for secret scanning"

Request example

patch/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/bypass-requests/secret-scanning/BYPASS_REQUEST_NUMBER \ -d '{"status":"reject","message":"This secret has not been revoked."}'

The review of the bypass request.

Status: 200
{ "bypass_review_id": 1 }

Dismiss a response on a bypass request for secret scanning

Dissmiss a response given to a bypass request for secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "Dismiss a response on a bypass request for secret scanning"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Secret scanning alerts" repository permissions (read)

"Dismiss a response on a bypass request for secret scanning" のパラメーター

ヘッダー
accept string

Setting to application/vnd.github+json is recommended.

パスパラメーター
owner string 必須

The account owner of the repository. The name is not case sensitive.

repo string 必須

The name of the repository without the .git extension. The name is not case sensitive.

bypass_response_id integer 必須

ID of the bypass response.

HTTP response status codes for "Dismiss a response on a bypass request for secret scanning"

Status code説明
204

Review was successfully dismissed.

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

500

Internal Error

Code samples for "Dismiss a response on a bypass request for secret scanning"

Request example

delete/repos/{owner}/{repo}/bypass-responses/secret-scanning/{bypass_response_id}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/bypass-responses/secret-scanning/BYPASS_RESPONSE_ID

Review was successfully dismissed.

Status: 204