Skip to content

GitHub Key

Service Name: GitHub

Service Description: GitHub is a web-based platform for version control and collaboration that lets developers store, manage, and track changes to their code.

Service Address: https://github.com

Validation Type: NHI Enriched API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to GitHub repositories, user data, and other GitHub resources based on the token's permissions.

Secret Revokement URL: https://github.com/settings/tokens

Secret Example: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789

Suspicious Activity Investigation Instructions:

  • Check the GitHub audit log for unusual activity or unauthorized access
  • Review recent repository activity for unexpected commits, pull requests, or access changes
  • Check for unauthorized webhooks or GitHub Apps connected to your repositories
  • Examine the token's access history and scope of permissions
  • Look for unusual geographic access patterns in the security log

Mitigation Instructions:

  • Immediately revoke the compromised token in GitHub settings
  • Navigate to GitHub.com → Settings → Developer settings → Personal access tokens
  • Find the compromised token and click "Delete"
  • Review all repositories for unauthorized changes or commits
  • Rotate any other potentially affected secrets or credentials
  • Consider enabling two-factor authentication if not already enabled
  • Review and restrict token permissions to only what is necessary