Secret scanning push protection is supported for content upload REST API endpoints

Push protection blocks you from pushing secrets to a repository and generates an alert whenever you bypass the block.

Push protection is now supported for the following REST API endpoints:
* Create a blob
* Create or update file contents

If the content of a PUT request to these endpoints includes a secret, the API will respond with a 409 error and provide a link for bypassing push protection, along with a placeholder_id.

There is also a new API endpoint to bypass push protection programatically, Create a push protection bypass. You or your application can use the placeholder_id from your push protection block in your call to this endpoint.

You need to be the individual or application that initially got blocked to be able to bypass the block successfully.

JUN.16Retired
GitHub Models is no longer available to new customers
- Ecosystem and Accessibility
MAY.15Improvement
GitHub App installation tokens: Per-request override header
- Ecosystem and Accessibility
MAY.13Improvement
New enterprise installation API now in public preview
- Ecosystem and Accessibility
APR.20Retired
Sunsetting SHA-1 in HTTPS on GitHub
- Ecosystem and Accessibility
MAR.12Release
REST API version 2026-03-10 is now available
- Ecosystem and Accessibility
FEB.3Release
The Dependabot Proxy is now open source with an MIT license
- Ecosystem and Accessibility
JAN.12Improvement
Selectively showing "act on your behalf" warning for GitHub Apps is in public preview
- Ecosystem and Accessibility
NOV.7Retired
GraphQL Explorer removal from API documentation on November 7, 2025
- Ecosystem and Accessibility
OCT.31Retired
Deprecated models in GitHub Models
- Ecosystem and Accessibility

Secret scanning push protection is supported for content upload REST API endpoints

Related Posts

Subscribe to our developer newsletter