Enabling push protection for your repository

With push protection, secret scanning blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.

Who can use this feature?

Repository owners, organization owners, security managers, and users with the admin role

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Advanced Security.

  4. If you have not already enabled Secret Protection, to the right of "Secret Protection", click Enable.

  5. In the "Secret Protection" section, to the right of "Push protection", click Enable.

Further reading