jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-22 11:26:57 -05:00
Code Issues Projects Releases Wiki Activity
Files
2ae3d74757b51a6a2fb639d0f8cf9e88ecd44de0
docs/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md
Felicity Chapman 8c62486a96 Docs for new Secret risk assessment, GHAS SKU unbundling, and expansion to Team plan - ships 1st April (UK morning) (#54748) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
Co-authored-by: Hector Alfaro <hectorsector@github.com>
Co-authored-by: Vanessa <vgrl@github.com>
Co-authored-by: Erin Havens <erinhav@github.com>
Co-authored-by: Aaron Waggener <73763104+aaronwaggener@users.noreply.github.com>
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: Sarah Schneider <sarahs@users.noreply.github.com>
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
2025-04-01 10:29:37 +00:00

60 lines
3.2 KiB
Markdown
Raw Blame History

---
title: Reviewing requests to bypass push protection
shortTitle: Review bypass requests
intro: 'You can use security overview to review requests to bypass push protection from contributors pushing to repositories across your organization.'
permissions: '{% data reusables.permissions.security-overview %}'
product: '{% data reusables.gated-features.security-overview-fpt-sp-only %}'
type: how_to
topics:
- Security overview
- Secret Protection
- Organizations
- Teams
- Secret scanning
- Alerts
versions:
feature: security-overview-delegated-bypass-requests
---
## About bypass requests
If your organization has configured delegated bypass for push protection, a designated team of reviewers controls which organization members can push secrets to repositories in your organization, and which members must first make a "bypass request" in order to push the secret.
On the "Push protection bypass" page in security overview, reviewers can find, review (approve or deny) and manage these requests.
For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection).
## Reviewing bypass requests for an organization
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. In the sidebar, under "Requests", click **{% octicon "key" aria-hidden="true" %} Push protection bypass**.
1. Select the **All statuses** dropdown menu, then click **Open** to view requests that are awaiting review, or that have been approved but for which the commits haven't been pushed to the repository yet.
1. Click the request that you want to review.
1. Review the details of the request.
{% ifversion push-protection-bypass-reviewer-comment -%}
{% data reusables.repositories.bypass-requests-reviewer-comment %}
{%- endif %}
1. To allow the contributor to push the commit containing the secret, click **Approve bypass request**. Or, to require the contributor to remove the secret from the commit, click **Deny bypass request**.
## Filtering requests
You can filter requests by repository, approver (member who has reviewed the request), requester (contributor making the request), timeframe, and status.
### Filtering by status
The following statuses are assigned to a request:
|Status|Description|
|---------|-----------|
|`Cancelled`| The request has been cancelled by the contributor.|
|`Completed`|The request has been approved and the commit(s) have been pushed to the repository.|
|`Denied`|The request has been reviewed and denied.|
|`Expired`| The request has expired. Requests are valid for 7 days. |
|`Open`| The request has either not yet been reviewed, or has been approved but the commit(s) have not been pushed to the repository. |
## Further reading
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection)
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection)
Reference in New Issue View Git Blame Copy Permalink