Skip to main content

GitHub Enterprise Token



  • Documentation:
  • Summary: GitHub accounts can be controlled programmatically (create/delete repo, create issues, push commits, ...). It is a pretty sensitive leak when the token has a lot of permissions configured. This detector aims at detecting token/host couple used to access resources hosted by on-premise GitHub installations.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Scopes and permissions of the token can be chosen when creating a GitHub personal access token see GitHub's documentation.

Revoke the secret

Tokens can be revoked from the access tokens panel under developer settings by clicking on the delete button. In the case of an on-premise installation, the previously mentioned URL needs to be modified.

Check for suspicious activity

Based on available information, there is no way to check the last calls made with an API token. But GitHub offers the possibility to review some security logs. This is better than nothing, but won't tell if someone was able to access private repositories for example.

Details for Github enterprise token

  • Family: Api

  • Category: Version control platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 5.18

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
- ^csv?$
- ^ebuild$
- ^rst$
- ^txt$
- ^xcuserstate$
- Cartfile\.resolved
- Portfile$
- \.gitrepo$
- ^m$
- _config\.yml$
- arm64
- build-log
- dependencies
- deps
- kernel
- monitor\.log
- ngsw\.json
- packages
- release[_-]notes
- search_plus_index\.json
- vendor
- vendor\.conf
- x86
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
- github\.
- type: ContentWhitelistPreValidator
- '[0-9a-f]{40}'
- type: BanMinifiedPreValidator
threshold_minified: 0.6


- text: |
repoURL = "" - githubAccessToken = "367d3c02f1dc622d340efc5493cea73f3cb924e4"

apikey: 367d3c02f1dc622d340efc5493cea73f3cb924e4

- text: |
+ niqaprocessorgroupid: "8602a810-0164-1000-0000-00005160603a"
+ githubtoken: '28e204929a1e8ebaeb946a76348336fc7fffddbe'
+ githubrepo: ''
+ niencryptionserver:

apikey: 28e204929a1e8ebaeb946a76348336fc7fffddbe

- text: |
! [rejected] use_svc_calls_gdco_gpgx -> use_svc_calls_gdco_gpgx (fetch first)
error: failed to push some refs to ''
hint: Updates were rejected because the remote contains work that you do

apikey: 7b476decd32f22e2d9c00e5836b56a25d7d6e562
- text: repoURL = "" - githubAccessToken = "367d3c02f1dc622d340efc5493cea73f3cb924e4"

apikey: 367d3c02f1dc622d340efc5493cea73f3cb924e4

How can I help you ?