This version of GitHub Enterprise Server will be discontinued on 2026-04-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Enabling delegated bypass for push protection

Control who can push code containing secrets by requiring bypass approval from designated reviewers.

Who can use this feature?

Repository owners, organization owners, security managers, and users with the admin role

In this article

Note

Delegated bypass for push protection is currently in beta and subject to change.

Delegated bypass for push protection lets you define who can push commits containing secrets and adds an approval process for other contributors. See About delegated bypass for push protection.

To enable delegated bypass, create the teams or roles that will manage bypass requests.

Enabling delegated bypass for a repository

Note

If an organization or enterprise owner configures delegated bypass at the organization or enterprise level, the repository-level settings are disabled.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  1. Under "Code security and analysis", find "GitHub Advanced Security."

  2. Under "Push protection," to the right of "Who can bypass push protection for secret scanning," select the dropdown menu, then click Specific roles or teams.

  3. Under "Bypass list," click Add role or team.

  4. In the dialog box, select the roles and teams that you want to add to the bypass list, then click Add selected.

    Note

    You can't add secret teams to the bypass list.

Enabling delegated bypass for an organization

  1. On GitHub, navigate to the main page of the organization.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  1. Under "Code security and analysis", find "GitHub Advanced Security."

  2. Under "Push protection," to the right of "Who can bypass push protection for secret scanning," select the dropdown menu, then click Specific roles or teams.

  3. Under "Bypass list," click Add role or team.

  4. In the dialog box, select the roles and teams that you want to add to the bypass list, then click Add selected.