About delegated bypass for push protection
With delegated bypass for push protection, you can:
- Grant bypass permissions to select individuals, roles, and teams, allowing them to push commits that are initially blocked by push protection.
- Introduce a review cycle for bypass requests from all other contributors. Requests expire after 7 days.
Delegated bypass applies to files created, edited, and uploaded on GitHub.
Users with bypass privileges
The following types of users can always bypass push protection:
- Organization owners
- Security managers
- Users in teams, default roles, or custom roles that have been added to the bypass list
- Users who are assigned (either directly or via a team) a custom role with the "review and manage secret scanning bypass requests" fine-grained permission
Next steps
To start managing bypass privileges, see Enabling delegated bypass for push protection.