Skip to content

GitHub Enterprise Token

Service Name: GitHub Enterprise

Service Description: GitHub Enterprise is the self-hosted version of GitHub, providing organizations with a secure, compliant environment for software development, code hosting, and collaboration while maintaining control over their data.

Service Address: https://github.com/enterprise

Validation Type: API Auth

IP Allow list: IP allow lists can be configured at the enterprise or organization level to restrict access to specific IP addresses.

Secret Access Scope: Grants programmatic access to GitHub Enterprise resources including repositories, issues, pull requests, and administrative functions depending on the token's permissions.

Secret Revokement URL: https://docs.github.com/en/enterprise-server/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens

Secret Example: ghp_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9

Suspicious Activity Investigation Instructions:

  • Review the audit logs in your GitHub Enterprise instance for unusual activity.
  • Check for unauthorized repository access, code changes, or administrative actions.
  • Examine the token's access history and permissions to identify potential misuse.
  • Look for unexpected repository clones, forks, or downloads.
  • Monitor for unusual API calls or authentication attempts from unfamiliar locations.

Mitigation Instructions:

  • Immediately revoke the compromised token through the GitHub Enterprise web interface.
  • Navigate to Settings > Developer settings > Personal access tokens.
  • Find the compromised token and click "Delete".
  • Review and rotate any other potentially affected tokens.
  • Audit repository access and permissions to ensure no unauthorized changes were made.
  • Consider implementing stricter token policies, such as shorter expiration times.
  • Enable two-factor authentication if not already in use.
  • Review GitHub Enterprise security logs to identify any other potential security issues.