Skip to main content

GitHub App Keys

Description#

General#

  • Documentation: https://docs.github.com/en/free-pro-team@latest/rest/reference/apps
  • Summary: GitHub Applications are plugins that can be installed on GitHub accounts and organizations. This detector focuses on detecting the applications' credentials as they could possibly be used to retrieve data from GitHub. Note that these credentials are different from GitHub Oauth App Keys, the main differences are listed here.
  • IPs allowlist: This feature is not currently available.
  • Scopes: The app has the scope granted by the user when installing it.

Revoke the secret#

Any application owners using OAuth can revoke a grant, which will also delete all OAuth tokens associated with the application for the user (see here.

Check for suspicious activity#

This feature is not described in the documentation.

Details for Github app keys#

  • Category: Version control platform

  • Company: GitHub

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 2.79

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - css  - html  - lock  - md  - storyboard  - xib  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - iv1

Examples#

- text: >    Owned by @GitGuard    App ID 36327    Client ID Iv1.923233af7a5c81af    Client secret 7dfc7a8b97409e216c35b21e4008938d599def9a  client_id: Iv1.923233af7a5c81af  client_secret: 7dfc7a8b97409e216c35b21e4008938d599def9a