GitHub Personal Access Token

Description

General

  • Documentation: https://docs.github.com/en/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens
  • Summary: GitHub is a code hosting platform for version control and collaboration. Personal Access Tokens (PATs) are used to authenticate API requests on behalf of a GitHub user. These tokens are issued by a user and can be configured with specific scopes to limit their permissions. GitGuardian supports both the old and new formats for these tokens. This detector group focuses on identifying classic GitHub Personal Access Tokens.

Revoke the secret

Tokens can be revoked from the access tokens panel. Navigate to the "Personal access tokens" section and delete the token to revoke access.

Details for GitHub Token

  • Family: token

  • Category: version_control_platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: very rare

  • Prefixed: False

Details for GitHub Personal Access Token

  • Family: token

  • Category: version_control_platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 98.07

  • Prefixed: False

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata about the token, not to perform any effective action with it.

  • GET: /user
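The single-call analysis described above can be reproduced when triaging a leaked classic token found in your own code base. This is an added example, not GitGuardian's analyzer code: it assumes GitHub's `X-OAuth-Scopes` response header for classic tokens, and the function names, the `HIGH_RISK` list and the sample responses are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

API_ROOT = "https://api.github.com"  # assumption: github.com; on-premise instances have their own API root
# Constructed triage list of classic scopes that allow writes or admin actions.
HIGH_RISK = {"repo", "workflow", "delete_repo", "admin:org", "write:org",
             "admin:repo_hook", "admin:org_hook", "admin:public_key", "write:packages"}

def fetch_user(token, api_root=API_ROOT):
    """Make the single GET /user call; returns (status, headers, body_bytes)."""
    req = urllib.request.Request(api_root + "/user", headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/vnd.github+json",
        "User-Agent": "pat-triage-example",
    })
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers.items()), resp.read()
    except urllib.error.HTTPError as err:  # e.g. 401 for a revoked or invalid token
        return err.code, dict(err.headers.items()), err.read()

def summarize(status, headers, body):
    """Turn one /user response into validity, owner and scope metadata."""
    if status != 200:
        return {"valid": False, "login": None, "scopes": [], "high_risk": []}
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    raw = hdrs.get("x-oauth-scopes", "")
    scopes = sorted(s.strip() for s in raw.split(",") if s.strip())
    login = json.loads(body).get("login")
    return {"valid": True, "login": login, "scopes": scopes,
            "high_risk": [s for s in scopes if s in HIGH_RISK]}

# Constructed sample responses (no real token or account).
SAMPLE_OK = (200, {"X-OAuth-Scopes": "repo, read:org, gist"}, b'{"login": "octo-example"}')
SAMPLE_REVOKED = (401, {}, b'{"message": "Bad credentials"}')

if __name__ == "__main__":
    print(summarize(*SAMPLE_OK))
    print(summarize(*SAMPLE_REVOKED))
```

A result with `valid` set to true means the token still needs to be revoked; the `high_risk` list indicates which repositories and organization settings to review first.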

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.