GitHub Fine Grained Personal Access Token
Description
General
- Documentation: https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens
- Summary: GitHub Fine-Grained Personal Access Tokens are a more granular and secure alternative to classic Personal Access Tokens. These tokens allow users to define highly specific permissions for accessing repositories, organizations, or other resources.
Details for GitHub fine-grained personal access token
-
Family: token
-
Category: version_control_platform
-
Company: GitHub
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
Revoker available: True
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 45.53
-
Prefixed: False
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: False
- Total network call count: 80
- Total call count may vary: True
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- GET: /repos/*/*/actions/jobs/*
- GET: /repos/*/*/actions/permissions
- GET: /repos/*/*/actions/secrets/public-key
- GET: /repos/*/*/actions/variables
- GET: /repos/*/*/attestations/*
- GET: /repos/*/*/codespaces
- GET: /repos/*/*/codespaces/machines
- GET: /repos/*/*/codespaces/permissions_check
- GET: /repos/*/*/collaborators
- GET: /repos/*/*/commits/*/status
- GET: /repos/*/*/dependabot/secrets/public-key
- GET: /repos/*/*/deployments/*
- GET: /repos/*/*/hooks
- GET: /repos/*/*/milestones
- GET: /repos/*/*/pages/builds/latest
- GET: /repos/*/*/pulls
- GET: /repos/*/*/releases/latest
- GET: /repos/*/*/secret-scanning/alerts
- GET: /user
- GET: /user/blocks
- GET: /user/codespaces/secrets/public-key
- GET: /user/emails
- GET: /user/followers
- GET: /user/gpg_keys
- GET: /user/interaction-limits
- GET: /user/keys
- GET: /user/repos
- GET: /user/ssh_signing_keys
- GET: /users/*/settings/billing/usage
- PATCH: /repos/*/*/secret-scanning/alerts/*
- PATCH: /user/email/visibility
- POST: /gists
- POST: /repos/*/*/actions/jobs/*/rerun
- POST: /repos/*/*/actions/variables
- POST: /repos/*/*/attestations
- POST: /repos/*/*/autolinks
- POST: /repos/*/*/dependency-graph/snapshots
- POST: /repos/*/*/deployments
- POST: /repos/*/*/hooks
- POST: /repos/*/*/issues
- POST: /repos/*/*/pages
- POST: /repos/*/*/pulls
- POST: /repos/*/*/releases
- POST: /repos/*/*/statuses/*
- POST: /user/gpg_keys
- POST: /user/keys
- POST: /user/social_accounts
- POST: /user/ssh_signing_keys
- PUT: /repos/*/*/actions/secrets/*
- PUT: /repos/*/*/codespaces/secrets/*
- PUT: /repos/*/*/dependabot/secrets/*
- PUT: /user/blocks/*
- PUT: /user/codespaces/secrets/*
- PUT: /user/interaction-limits
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.
Revoker
Auth Credentials
Valid credentials needed to authenticate the request. No extra credentials needed for this revoker.
HTTP Calls
List of calls performed by the revoker.
- POST: /credentials/revoke
Revocation Mode
Revocation is synchronous.
