푸시 보호를 위해 위임된 우회 사용

지정된 검토자의 바이패스 승인을 요구하여 비밀이 포함된 코드를 푸시할 수 있는 사용자를 제어합니다.

누가 이 기능을 사용할 수 있나요?

리포지토리 소유자, 조직 소유자, 보안 관리자 및 관리자 역할이 있는 사용자

이 기사에서

Delegated bypass for push protection lets you define who can push commits containing secrets and adds an approval process for other contributors. See About delegated bypass for push protection.

To enable delegated bypass, create the teams or roles that will manage bypass requests. Alternatively, use fine-grained permissions for more granular control. See Using fine-grained permissions to control who can review and manage bypass requests.

Enabling delegated bypass for a repository

참고

If an organization or enterprise owner configures delegated bypass at the organization or enterprise level, the repository-level settings are disabled.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Advanced Security.

  4. Under "Secret Protection," ensure that push protection is enabled for the repository.

  5. Under "Push protection," to the right of "Who can bypass push protection for secret scanning," select the dropdown menu, then click Specific roles or teams.

  6. Under "Bypass list," click Add role or team.

  7. In the dialog box, select the roles and teams that you want to add to the bypass list, then click Add selected.

    참고

    You can't add secret teams to the bypass list.

Enabling delegated bypass for an organization

  1. On GitHub, navigate to the main page of the organization.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click Configurations.

  4. Create a new custom security configuration, or edit an existing one. See Creating a custom security configuration.

  5. When defining the custom security configuration, under "Secret scanning," ensure that "Push protection" is set to Enabled.

  6. Under "Push protection," to the right of "Bypass privileges," select the dropdown menu, then click Specific actors.

  7. Select the Select actors dropdown menu, then choose the actors you want to add to the bypass list.

    참고

  8. Click Save configuration.

  9. Apply the security configuration to repositories in your organization. See Applying a custom security configuration.

Using fine-grained permissions to control who can review and manage bypass requests

You can grant specific individuals or teams in your organization the ability to review and manage bypass requests using fine-grained permissions.

  1. Ensure that delegated bypass is enabled for the organization. For more information, follow steps 1-3 in Enabling delegated bypass for your organization and ensure you have saved and applied the security configuration to your selected repositories.
  2. Create (or edit) a custom organization role. For information on creating and editing custom roles, see Managing custom organization roles.
  3. When choosing which permissions to add to the custom role, select the "Review and manage secret scanning bypass requests" permission.
  4. Assign the custom role to individual members or teams in your organization. For more information on assigning custom roles, see Using organization roles.