Skip to main content
Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Requesting Temporary Bypass Permissions

How do I request temporary permissions to bypass Code Scanning policies?

While our Code Scanning policies are designed to help you maintain a secure codebase, we understand that there may be times when you need to bypass these policies to merge critical changes, or to work on remediation efforts. To request temporary permissions to bypass Code Scanning policies, please follow the steps below:

  • Open a new Bypass: Code Scanning Policy issue in the GitHub Users Request repo
  • Provide the following information in the issue:
    • The name of the repository you need to bypass Code Scanning policies for
    • The reason you need to bypass Code Scanning policies
      • This should include the specific changes you need to make, and why you need to make them, as well as any other relevant information. This information may be audited to ensure requests are being made for valid reasons.

Once your request has been opened, automation will automatically grant your exception. You will receive a notification once your exception has been granted in the same issue.

Bypass permissions are granted for 8 hours after the time of the request. If you need to extend your exception, you may open a new issue.

Examples of valid reasons to request a bypass

  • You need to merge a pull request but your repository has vulnerabilities outside the 30-day remediation window, but you need to merge it to fix a critical bug
  • You are working to configure CodeQL on your repository and need to merge a pull request that creates the initial configuration