GitHub Key
Service Name: GitHub
Service Description: GitHub is a web-based platform for version control and collaboration that lets developers store, manage, and track changes to their code.
Service Address: https://github.com
Validation Type: NHI Enriched API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to GitHub repositories, user data, and other GitHub resources based on the token's permissions.
Secret Revokement URL: https://github.com/settings/tokens
Secret Example: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789
Suspicious Activity Investigation Instructions:
- Check the GitHub audit log for unusual activity or unauthorized access
- Review recent repository activity for unexpected commits, pull requests, or access changes
- Check for unauthorized webhooks or GitHub Apps connected to your repositories
- Examine the token's access history and scope of permissions
- Look for unusual geographic access patterns in the security log
Mitigation Instructions:
- Immediately revoke the compromised token in GitHub settings
- Navigate to GitHub.com → Settings → Developer settings → Personal access tokens
- Find the compromised token and click "Delete"
- Review all repositories for unauthorized changes or commits
- Rotate any other potentially affected secrets or credentials
- Consider enabling two-factor authentication if not already enabled
- Review and restrict token permissions to only what is necessary