What Protection Does
When a branch is protected:- Direct commits are blocked. Users cannot commit changes straight to the protected branch.
- Changes must be merged in. To update a protected branch, make your changes on a separate branch and merge that branch into the protected one.
- Admins can optionally bypass. You can allow administrators—or a specific list of users—to commit directly, bypassing the protection.
Branch protection currently enforces that changes arrive through a merge. A requirement that merges first pass review or approval is on the roadmap and is not yet enforced. This page will be updated when that capability ships.
Adding a Protection Rule
Confirm the repository
Check the repository dropdown in the top-right of the window and make sure the correct repository is selected before continuing.
Select the branch
Under Add branch protection, open the Branch dropdown and choose the branch you want to protect.
Configure bypass (optional)
Choose who, if anyone, is allowed to commit directly to the protected branch:
- Allow admins to bypass — toggle this on to let repository administrators commit directly. When off, the helper text reads “Admins cannot bypass protection.”
- Bypass restrictions (optional) — use the Select users… dropdown to add specific users who can bypass protection and commit directly to this branch.
Managing Existing Rules
Each existing rule lists the protected branch, its bypass status (for example, “No bypass allowed”), and any Allowed users who can commit directly. Use the pencil icon to edit a rule or the trash icon to delete it.Removing a Protection Rule
To stop protecting a branch, go to Settings → Branch protection, find the rule for that branch, and click the trash icon to delete it. Direct commits to the branch are allowed again immediately.