Skip to content

GitHub Fine-Grained PAT

Service Name: GitHub

Service Description: GitHub is a cloud-based service that helps developers store and manage their code, track and control changes to their code, and collaborate with other developers on projects. GitHub provides hosting for software development version control using Git.

Service Address: https://github.com

Validation Type: API Auth

IP Allow list: IP restrictions are available at the organization level through GitHub Enterprise or through the Security settings of an organization.

Secret Access Scope: Fine-grained personal access tokens (PATs) provide more granular control over repository and organization access compared to classic PATs. They can be configured to access specific repositories with custom permission sets rather than all repositories a user has access to.

Secret Revokement URL: https://github.com/settings/tokens

Secret Example: github_pat_11ABCDEF0ghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLM

Suspicious Activity Investigation Instructions:

  • Review the token's access permissions in GitHub settings to understand what resources it could have accessed
  • Check GitHub audit logs for actions performed using the token
  • Review repository activity logs for unusual commits, pull requests, or access patterns
  • Check for unauthorized repository clones or downloads
  • Monitor for unexpected collaborator additions to repositories
  • Review webhook configurations for unauthorized changes

Mitigation Instructions:

  • Immediately revoke the compromised token by navigating to GitHub Settings > Developer Settings > Personal Access Tokens
  • Find the affected token and click "Delete"
  • Review all repositories the token had access to for unauthorized changes
  • Create a new token with minimal necessary permissions if still needed
  • Consider enabling two-factor authentication if not already enabled
  • Review and update repository access permissions
  • Consider implementing SAML SSO for organization access
  • Set up token expiration policies to limit the lifetime of PATs