Skip to content

GitHub Webhook Secret

Service Name: GitHub

Service Description: GitHub is a web-based platform for version control and collaboration that enables developers to store, manage, track, and control changes to their code. Webhook secrets are used to secure webhook payloads sent from GitHub to your server.

Service Address: https://github.com

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through GitHub Enterprise security settings.

Secret Access Scope: Grants the ability to validate that webhook payloads sent to your server are genuinely from GitHub. It does not provide direct access to repositories or GitHub account features.

Secret Revokement URL: https://github.com/settings/hooks

Secret Example: whsec_8fKx2uA7hL9GtHiJmPvU3oQrZcY0dN4bS5Tz6WqE

Suspicious Activity Investigation Instructions:

  • Review server logs for incoming webhook requests that may have used the compromised secret.
  • Check for any unauthorized actions that might have been triggered by webhook events.
  • Examine GitHub webhook delivery history in repository settings to identify potentially malicious payloads.
  • Verify if any automated workflows or CI/CD pipelines were triggered unexpectedly.
  • Monitor for any unusual repository activities that could have been initiated via webhooks.

Mitigation Instructions:

  • Navigate to your GitHub repository or organization settings.
  • Go to the "Webhooks" section.
  • Select the webhook with the compromised secret.
  • Click "Edit" and generate a new secret or delete and recreate the webhook with a new secret.
  • Update your server-side code to use the new webhook secret for payload validation.
  • Implement IP allowlisting in your webhook endpoint to only accept requests from GitHub's IP ranges.
  • Consider implementing additional validation checks in your webhook handler.