GitHub Enterprise Token
Description
General
- Documentation: https://docs.github.com/en/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens
- Summary: GitHub accounts can be controlled programmatically (create/delete repositories, create issues, push commits, ...). A leaked token is especially sensitive when it has been granted many permissions. This detector looks for token/host pairs used to access resources hosted on GitHub Enterprise Server instances up to version 3.1.22.
Revoke the secret
Tokens can be revoked from the access tokens panel under developer settings by clicking on the delete button. In the case of an on-premise installation, the previously mentioned URL needs to be modified.
Details for GitHub Enterprise Token
- Family: token
- Category: version_control_platform
- Company: GitHub
- High recall: False
- Validity check available: True
- Analyzer available: False
- On-premise instances exist: False
- Only valid secrets raise an alert: True
- Minimum number of matches: 2
- Occurrences found for one million commits: 10.72
- Prefixed: False