GitHub Enterprise Token
Service Name: GitHub Enterprise
Service Description: GitHub Enterprise is the self-hosted version of GitHub, providing organizations with a secure, compliant environment for software development, code hosting, and collaboration while maintaining control over their data.
Service Address: https://github.com/enterprise
Validation Type: API Auth
IP Allow list: IP allow lists can be configured at the enterprise or organization level to restrict access to specific IP addresses.
Secret Access Scope: Grants programmatic access to GitHub Enterprise resources including repositories, issues, pull requests, and administrative functions depending on the token's permissions.
Secret Revokement URL: https://docs.github.com/en/enterprise-server/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens
Secret Example: ghp_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9
Suspicious Activity Investigation Instructions:
- Review the audit logs in your GitHub Enterprise instance for unusual activity.
- Check for unauthorized repository access, code changes, or administrative actions.
- Examine the token's access history and permissions to identify potential misuse.
- Look for unexpected repository clones, forks, or downloads.
- Monitor for unusual API calls or authentication attempts from unfamiliar locations.
Mitigation Instructions:
- Immediately revoke the compromised token through the GitHub Enterprise web interface.
- Navigate to Settings > Developer settings > Personal access tokens.
- Find the compromised token and click "Delete".
- Review and rotate any other potentially affected tokens.
- Audit repository access and permissions to ensure no unauthorized changes were made.
- Consider implementing stricter token policies, such as shorter expiration times.
- Enable two-factor authentication if not already in use.
- Review GitHub Enterprise security logs to identify any other potential security issues.