Managing requests to bypass push protection

As a member of the bypass list for an organization or repository, you can review bypass requests from other members of the organization or repository.

谁可以使用此功能?

  • 组织所有者
  • 安全管理员
  • 已添加到绕过列表的团队、默认角色或自定义角色中的用户。
  • 被分配有“审阅和管理secret scanning绕过请求”这一自定义角色的用户,拥有细化的权限。

在本文中

When delegated bypass for push protection is enabled, designated reviewers can approve or deny requests from contributors who want to push commits containing secrets.

This article explains how to review and manage bypass requests for repositories and organizations.

For more information about how bypass requests work, see 绕过推送保护请求.

Managing requests for a repository

  1. 在 GitHub 上,导航到存储库的主页面。

  2. 在存储库名称下,单击 Security and quality 选项卡。如果看不到“ Security and quality”选项卡,请选择 下拉菜单,然后单击 Security and quality

  3. 在左侧边栏中的“请求”下,单击“推送保护绕过”。

  4. Select the All statuses dropdown menu, then click Open to view requests that are awaiting review, and those that have been approved but for which the commits haven't been pushed to the repository yet.

  5. Click the request that you want to review.

  6. Review the details of the request.

  7. (可选)添加评审注释。 注释将添加到评审请求时间线和secret scanning警报时间线。 例如,你可能希望出于审计和报告原因而解释批准或拒绝请求的原因,并为参与者提出后续步骤建议。

  8. To allow the contributor to push the commit containing the secret, click Approve bypass request. Or, to require the contributor to remove the secret from the commit, click Deny bypass request.

Managing requests for an organization

Organization owners, security managers and organization members with the relevant fine-grained permission (via a custom role) can review and manage bypass requests for all repositories in the organization using security overview. See 审核绕过推送保护的请求.

Filtering requests

You can filter requests by:

  • Approver (member of the bypass list)
  • Requester (contributor making the request)
  • Timeframe
  • Status

Filtering by status

The following statuses are assigned to a request:

StatusDescription
CancelledThe request has been canceled by the contributor.
CompletedThe request has been approved and the commit(s) have been pushed to the repository.
DeniedThe request has been reviewed and denied.
ExpiredThe request has expired. Requests are valid for 7 days.
OpenThe request has either not yet been reviewed, or has been approved but the commit(s) have not been pushed to the repository.

Further reading