This version of GitHub Enterprise Server will be discontinued on 2026-04-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

About delegated bypass for push protection

Maintain your secret security while unblocking trusted actors with delegated bypass for push protection.

Who can use this feature?

Delegated bypass for push protection is available for the following repository types:

Organization-owned repositories with GitHub Advanced Security enabled

In this article

Note

Delegated bypass for push protection is currently in beta and subject to change.

About delegated bypass for push protection

With delegated bypass for push protection, you can:

Grant bypass permissions to select individuals, roles, and teams, allowing them to push commits that are initially blocked by push protection.
Introduce a review cycle for bypass requests from all other contributors. Requests expire after 7 days.

Users with bypass privileges

The following types of users can always bypass push protection:

Organization owners
Security managers
Users in teams, default roles, or custom roles that have been added to the bypass list

Next steps

To start managing bypass privileges, see Enabling delegated bypass for push protection.