Managing requests to bypass push protection

As a member of the bypass list for an organization or repository, you can review bypass requests from other members of the organization or repository.

Quem pode usar esse recurso?

  • Proprietários da organização
  • Gerentes de segurança
  • Usuários em equipes, funções padrão ou funções personalizadas que foram adicionadas à lista de exceção.
  • Os usuários que receberam uma função personalizada com a permissão detalhada "examinar e gerenciar secret scanning solicitações de bypass".

Neste artigo

When delegated bypass for push protection is enabled, designated reviewers can approve or deny requests from contributors who want to push commits containing secrets.

This article explains how to review and manage bypass requests for repositories and organizations.

For more information about how bypass requests work, see Ignorar solicitações de proteção por push.

Managing requests for a repository

  1. Em GitHub, acesse a página principal do repositório.

  2. No nome do repositório, clique na Security and quality guia. Se você não conseguir ver a guia " Security and quality", selecione o menu suspenso e clique em Security and quality.

  3. Na barra lateral esquerda, em "Solicitações", clique em Ignorar proteção de push.

  4. Select the All statuses dropdown menu, then click Open to view requests that are awaiting review, and those that have been approved but for which the commits haven't been pushed to the repository yet.

  5. Click the request that you want to review.

  6. Review the details of the request.

  7. Opcionalmente, adicione um comentário de revisão. O comentário será adicionado à linha do tempo da solicitação de revisão e à linha do tempo de alerta da secret scanning. Por exemplo, talvez você queira explicar o motivo da aprovação ou recusa da solicitação para fins de auditoria e relatório e sugerir as próximas etapas para o colaborador realizar.

  8. To allow the contributor to push the commit containing the secret, click Approve bypass request. Or, to require the contributor to remove the secret from the commit, click Deny bypass request.

Managing requests for an organization

Organization owners, security managers and organization members with the relevant fine-grained permission (via a custom role) can review and manage bypass requests for all repositories in the organization using security overview. See Revisar solicitações para ignorar a proteção por push.

Filtering requests

You can filter requests by:

  • Approver (member of the bypass list)
  • Requester (contributor making the request)
  • Timeframe
  • Status

Filtering by status

The following statuses are assigned to a request:

StatusDescription
CancelledThe request has been canceled by the contributor.
CompletedThe request has been approved and the commit(s) have been pushed to the repository.
DeniedThe request has been reviewed and denied.
ExpiredThe request has expired. Requests are valid for 7 days.
OpenThe request has either not yet been reviewed, or has been approved but the commit(s) have not been pushed to the repository.

Further reading