Push Protection Exemptions Now Available at Repository Level

GitHub's secret scanning push protection can now be configured with exemptions directly from your repository settings. This feature extends the exemption management capabilities that were previously limited to organization and enterprise-level security configurations.

What's New

• Repository-level management: Organizations can now designate push protection exemptions from individual repository settings
• Flexible exemption targets: Define exemptions for specific roles, teams, and applications
• Real-time evaluation: Exemption status is evaluated at the time of each push

How It Works

When an exempt actor (user, team, or app) pushes code containing secrets, push protection is automatically skipped and no bypass requests are created. This streamlines workflows for teams and applications that need exceptions while maintaining security controls for other contributors.

What Developers Need to Know

• This feature is available to organizations with GitHub Advanced Security and secret scanning push protection enabled
• Exemptions can now be managed at three levels: repository, organization, and enterprise
• No action is required if you're already using exemptions at other levels—you now have the option to manage them at the repository level as well
• For detailed configuration instructions, refer to the secret scanning documentation and the push protection exemptions guide