About enabling push protection
To enable push protection for a repository, you must first enable secret scanning. You can then enable push protection in the repository's "Code security and analysis" settings page following the steps outlined in this article.
You can additionally enable push protection for your own personal account, which prevents you from pushing secrets to any public repository on GitHub. For more information, see "Push protection for users."
If you're an organization owner, you can enable push protection for multiple repositories at a time using a security configuration. For more information, see "Creating a custom security configuration."
Organization owners, security managers, and repository administrators can also enable push protection for secret scanning via the API. For more information, see "REST API endpoints for repositories" and expand the "Properties of the security_and_analysis
object" section.
If your organization is owned by an enterprise account, an enterprise owner can also enable push protection at the enterprise level. For more information, see "Managing GitHub Advanced Security features for your enterprise."
Enabling push protection for a repository
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Code security and analysis.
-
Under "Code security and analysis", find "GitHub Advanced Security."
-
Under "Secret scanning", under "Push protection", click Enable.