Skip to content

GitHub OAuth Token

Service Name: GitHub

Service Description: GitHub is a web-based platform for version control and collaboration that enables developers to store, manage, track, and control changes to their code. It provides hosting for software development and version control using Git.

Service Address: https://github.com

Validation Type: API Auth

IP Allow list: IP restrictions are available at the organization level through GitHub Enterprise security settings.

Secret Access Scope: Grants programmatic access to GitHub resources including repositories, issues, pull requests, and other GitHub API endpoints based on the token's scopes.

Secret Revokement URL: https://github.com/settings/tokens

Secret Example: ghp_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r

Suspicious Activity Investigation Instructions:

  • Review GitHub audit logs for unusual repository access or actions.
  • Check for unauthorized repository clones, forks, or downloads.
  • Monitor for unexpected commits, pull requests, or issue creation.
  • Examine API usage patterns for abnormal activity.
  • Verify if the token was used from unusual geographic locations.
  • Check for repository permission changes or collaborator additions.

Mitigation Instructions:

  • Immediately revoke the compromised token by navigating to GitHub Settings >

Developer settings > Personal access tokens.

  • Find the affected token and click "Delete".
  • Create a new token with appropriate scopes if needed.
  • Review repository access and permissions for any unauthorized changes.
  • Enable two-factor authentication if not already enabled.
  • Consider implementing SAML SSO for your GitHub organization.
  • Set up branch protection rules to prevent unauthorized code pushes.
  • Review GitHub Actions workflows for any unauthorized modifications.
  • Consider implementing IP allow lists for your organization if using GitHub

Enterprise.