GitHub App Keys
Description
General
- Documentation: https://docs.github.com/en/free-pro-team@latest/rest/reference/apps
- Summary: GitHub Applications are plugins that can be installed on GitHub accounts and organizations. This detector focuses on detecting the applications' credentials as they could possibly be used to retrieve data from GitHub. Note that these credentials are different from GitHub Oauth App Keys, the main differences are listed here. To get more information on the name of the app and the user or oganization it is tied to, visit https://github.com/login/oauth/authorize?client_id=CLIENT_ID_GOES_HERE.
Revoke the secret
Any application owners using OAuth can revoke a grant, which will also delete all OAuth tokens associated with the application for the user (see here.
Details for GitHub App Keys
-
Family: credentials
-
Category: version_control_platform
-
Company: GitHub
-
High recall: True
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 5.52
-
Prefixed: True