REST API endpoints for push protection bypass requests

List bypass requests for secret scanning for an org

List requests to bypass secret scanning push protection in an org.

Delegated bypass must be enabled on repositories in the org and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « List bypass requests for secret scanning for an org »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Secret scanning alerts" repository permissions (read)

Paramètres pour « List bypass requests for secret scanning for an org »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`org` string Obligatoire The organization name. The name is not case sensitive.

Paramètres de requête
Nom, Type, Description
`repository_name` string The name of the repository to filter on.
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for insights that occurred in the past 7 days (168 hours). Default: `day` Peut être: `hour`, `day`, `week`, `month`
`request_status` string The status of the bypass request to filter on. When specified, only requests with this status will be returned. Default: `all` Peut être: `completed`, `cancelled`, `expired`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

Codes d’état de la réponse HTTP pour « List bypass requests for secret scanning for an org »

Code d’état	Description
`200`	OK
`404`	Resource not found
`500`	Internal Error

Exemples de code pour « List bypass requests for secret scanning for an org »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/orgs/{org}/bypass-requests/secret-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/bypass-requests/secret-scanning

Response

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "used_in_tests",
        "path": "/tests/README.md:16:0",
        "branch": "refs/heads/main"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132",
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1",
    "html_url": "https://github.com/octo-org/smile/exemptions/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "fix_later",
        "path": "README.md:17:0",
        "branch": "refs/heads/my-branch"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555",
    "status": "denied",
    "requester_comment": "Token is already revoked, I'll remove it later",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/2",
    "html_url": "https://github.com/octo-org/smile/exemptions/2"
  }
]

List bypass requests for secret scanning for a repository

Lists requests to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « List bypass requests for secret scanning for a repository »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Secret scanning alerts" repository permissions (read)

Paramètres pour « List bypass requests for secret scanning for a repository »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`owner` string Obligatoire The account owner of the repository. The name is not case sensitive.
`repo` string Obligatoire The name of the repository without the `.git` extension. The name is not case sensitive.

Paramètres de requête
Nom, Type, Description
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for insights that occurred in the past 7 days (168 hours). Default: `day` Peut être: `hour`, `day`, `week`, `month`
`request_status` string The status of the bypass request to filter on. When specified, only requests with this status will be returned. Default: `all` Peut être: `completed`, `cancelled`, `expired`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

Codes d’état de la réponse HTTP pour « List bypass requests for secret scanning for a repository »

Code d’état	Description
`200`	A list of the bypass requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

Exemples de code pour « List bypass requests for secret scanning for a repository »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/repos/{owner}/{repo}/bypass-requests/secret-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/bypass-requests/secret-scanning

A list of the bypass requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "used_in_tests",
        "path": "/tests/README.md:16:0",
        "branch": "refs/heads/main"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132",
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1",
    "html_url": "https://github.com/octo-org/smile/exemptions/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "bypass_reason": "fix_later",
        "path": "README.md:17:0",
        "branch": "refs/heads/my-branch"
      }
    ],
    "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555",
    "status": "denied",
    "requester_comment": "Token is already revoked, I'll remove it later",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/2",
    "html_url": "https://github.com/octo-org/smile/exemptions/2"
  }
]

Get a bypass request for secret scanning

Gets a specific request to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « Get a bypass request for secret scanning »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Secret scanning alerts" repository permissions (read)

Paramètres pour « Get a bypass request for secret scanning »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`owner` string Obligatoire The account owner of the repository. The name is not case sensitive.
`repo` string Obligatoire The name of the repository without the `.git` extension. The name is not case sensitive.
`bypass_request_number` integer Obligatoire The number that identifies the bypass request in a repository.

Codes d’état de la réponse HTTP pour « Get a bypass request for secret scanning »

Code d’état	Description
`200`	A single bypass request.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

Exemples de code pour « Get a bypass request for secret scanning »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/bypass-requests/secret-scanning/BYPASS_REQUEST_NUMBER

A single bypass request.

Status: 200

{
  "id": 21,
  "number": 42,
  "repository": {
    "id": 1,
    "name": "smile",
    "full_name": "octo-org/smile"
  },
  "organization": {
    "id": 1,
    "name": "octo-org"
  },
  "requester": {
    "actor_id": 12,
    "actor_name": "monalisa"
  },
  "request_type": "secret_scanning",
  "data": [
    {
      "secret_type": "adafruit_io_key",
      "bypass_reason": "used_in_tests",
      "path": "/tests/README.md:16:0",
      "branch": "refs/heads/main"
    }
  ],
  "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132",
  "status": "denied",
  "requester_comment": "Test token used in the readme as an example",
  "expires_at": "2024-07-08T08:43:03Z",
  "created_at": "2024-07-01T08:43:03Z",
  "responses": [
    {
      "id": 42,
      "reviewer": {
        "actor_id": 4,
        "actor_name": "octocat"
      },
      "status": "denied",
      "created_at": "2024-07-02T08:43:04Z"
    }
  ],
  "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1",
  "html_url": "https://github.com/octo-org/smile/exemptions/1"
}

Review a bypass request for secret scanning

Approve or deny a request to bypass secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « Review a bypass request for secret scanning »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Secret scanning alerts" repository permissions (read)

Paramètres pour « Review a bypass request for secret scanning »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`owner` string Obligatoire The account owner of the repository. The name is not case sensitive.
`repo` string Obligatoire The name of the repository without the `.git` extension. The name is not case sensitive.
`bypass_request_number` integer Obligatoire The number that identifies the bypass request in a repository.

Paramètres du corps
Nom, Type, Description
`status` string Obligatoire The review action to perform on the bypass request. Peut être: `approve`, `reject`
`message` string Obligatoire A message to include with the review. Has a maximum character length of 2048.

Codes d’état de la réponse HTTP pour « Review a bypass request for secret scanning »

Code d’état	Description
`200`	The review of the bypass request.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

Exemples de code pour « Review a bypass request for secret scanning »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

patch/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/bypass-requests/secret-scanning/BYPASS_REQUEST_NUMBER \
  -d '{"status":"reject","message":"This secret has not been revoked."}'

The review of the bypass request.

Status: 200

{
  "bypass_review_id": 1
}

Dismiss a response on a bypass request for secret scanning

Dissmiss a response given to a bypass request for secret scanning push protection in a repository.

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « Dismiss a response on a bypass request for secret scanning »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Secret scanning alerts" repository permissions (read)

Paramètres pour « Dismiss a response on a bypass request for secret scanning »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`owner` string Obligatoire The account owner of the repository. The name is not case sensitive.
`repo` string Obligatoire The name of the repository without the `.git` extension. The name is not case sensitive.
`bypass_response_id` integer Obligatoire ID of the bypass response.

Codes d’état de la réponse HTTP pour « Dismiss a response on a bypass request for secret scanning »

Code d’état	Description
`204`	Review was successfully dismissed.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

Exemples de code pour « Dismiss a response on a bypass request for secret scanning »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

delete/repos/{owner}/{repo}/bypass-responses/secret-scanning/{bypass_response_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/bypass-responses/secret-scanning/BYPASS_RESPONSE_ID

Review was successfully dismissed.

Status: 204