GitHub App Keys

Description

General

• Documentation: https://docs.github.com/en/free-pro-team@latest/rest/reference/apps
• Summary: GitHub Applications are plugins that can be installed on GitHub accounts and organizations. This detector focuses on detecting the applications' credentials as they could possibly be used to retrieve data from GitHub. Note that these credentials are different from GitHub Oauth App Keys, the main differences are listed here. To get more information on the name of the app and the user or oganization it is tied to, visit https://github.com/login/oauth/authorize?client_id=CLIENT_ID_GOES_HERE.
• IPs allowlist: This feature is not currently available.
• Scopes: The app has the scope granted by the user when installing it.

Revoke the secret

Any application owners using OAuth can revoke a grant, which will also delete all OAuth tokens associated with the application for the user (see here.

Check for suspicious activity

This feature is not described in the documentation.

Details for GitHub App Keys

• Family: credentials

• Category: version_control_platform

• Company: GitHub

• High recall: True

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: True

• Only valid secrets raise an alert: False

• Minimum number of matches: 2

• Occurrences found for one million commits: 5.52

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - iv1\.

Examples

- text: |
    App ID 36327
    Client ID=Iv1.923233af7a5c81af
    Client secret=7dfc7a8b97409e216c35b21e4008938d599def9a
  client_id: Iv1.923233af7a5c81af
  client_secret: 7dfc7a8b97409e216c35b21e4008938d599def9a