{"id":69599,"date":"2023-01-19T09:00:43","date_gmt":"2023-01-19T17:00:43","guid":{"rendered":"https:\/\/github.blog\/?p=69599"},"modified":"2023-01-19T09:37:13","modified_gmt":"2023-01-19T17:37:13","slug":"remediation-made-simple-introducing-new-validity-checks-for-github-tokens","status":"publish","type":"post","link":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/","title":{"rendered":"Remediation made simple: Introducing new validity checks for GitHub tokens"},"content":{"rendered":"<p>If you\u2019re on an application security team, you might use secret scanning to reduce the risk of leaked credentials, like passwords and API keys. When an exposed credential is found, your first step is probably to check whether the token is still active, and what access it has. Now, with validity checks for GitHub tokens, we can help you do just that.<\/p>\n<p>Validity checks determine whether a token is still active and, when possible, whether it was <em>ever<\/em> active. This is useful when you\u2019re deciding how to remediate an exposure. For example, you might prioritize remediating active secrets before checking your security logs for unauthorized access via API keys that have already been revoked.<\/p>\n<p>To check a GitHub token\u2019s validity, open a secret scanning alert for the leaked GitHub token and the alert will tell you whether the secret is still active. 
If we can\u2019t accurately detect the validity\u2014this can happen when a token found on GitHub.com belongs to a GitHub Enterprise Server instance\u2014we\u2019ll provide insight on where to look for remediation.<\/p>\n<div class=\"image-frame image-frame-full border rounded-2 overflow-hidden d-flex flex-row flex-justify-center\" style=\"background: #EAEEF2\"><br \/>\n<img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" src=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/01\/pat1.png?w=1024&#038;resize=1024%2C826\" alt=\"Screenshot of the alert that tells whether a secret is still active.\" width=\"1024\" height=\"826\" class=\"aligncenter size-large wp-image-69600 width-fit\" srcset=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/01\/pat1.png?w=1430 1430w, https:\/\/github.blog\/wp-content\/uploads\/2023\/01\/pat1.png?w=300 300w, https:\/\/github.blog\/wp-content\/uploads\/2023\/01\/pat1.png?w=768 768w, https:\/\/github.blog\/wp-content\/uploads\/2023\/01\/pat1.png?w=1024 1024w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><br \/><\/div>\n<p>Coming soon: We\u2019ll validate secrets that belong to our <a href=\"https:\/\/docs.github.com\/en\/enterprise-cloud@latest\/code-security\/secret-scanning\/secret-scanning-patterns#supported-secrets-for-partner-alerts\">100+ secret scanning partners<\/a> too. 
Learn more about how you can <a href=\"https:\/\/docs.github.com\/en\/code-security\/secret-scanning\/about-secret-scanning\">secure your repositories with secret scanning<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.<\/p>\n","protected":false},"author":1976,"featured_media":62662,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_gh_post_show_toc":"no","_gh_post_is_no_robots":"no","_gh_post_is_featured":"no","_gh_post_is_excluded":"no","_gh_post_is_unlisted":"no","_gh_post_related_link_1":"","_gh_post_related_link_2":"","_gh_post_related_link_3":"","_gh_post_sq_img":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/GitHub-Security_square-icon-green.png","_gh_post_sq_img_id":"62724","_gh_post_cta_title":"","_gh_post_cta_text":"","_gh_post_cta_link":"","_gh_post_cta_button":"Click Here to Learn More","_gh_post_recirc_hide":"no","_gh_post_recirc_col_1":"gh-auto-select","_gh_post_recirc_col_2":"65301","_gh_post_recirc_col_3":"65308","_gh_post_recirc_col_4":"65316","_featured_video":"","_gh_post_additional_query_params":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"_links_to":"","_links_to_target":""},"categories":[3334,91],"tags":[2939,2584],"coauthors":[2583],"class_list":["post-69599","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-application-security","category-security","tag-application-security","tag-secret-scanning"],"yoast_head_json":{"title":"Remediation made simple: Introducing new validity checks for GitHub tokens - The GitHub Blog","description":"GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/","og_locale":"en_US","og_type":"article","og_title":"Remediation made simple: Introducing new validity checks for GitHub tokens","og_description":"GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.","og_url":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/","og_site_name":"The GitHub Blog","article_published_time":"2023-01-19T17:00:43+00:00","article_modified_time":"2023-01-19T17:37:13+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Community.png?fit=1200%2C630","type":"image\/png"}],"author":"Mariam Sulakian","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mariam Sulakian","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/#article","isPartOf":{"@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/"},"author":{"name":"Mariam Sulakian","@id":"https:\/\/github.blog\/#\/schema\/person\/526e48908177d1efff2adbf80be4882e"},"headline":"Remediation made simple: Introducing new validity checks for GitHub tokens","datePublished":"2023-01-19T17:00:43+00:00","dateModified":"2023-01-19T17:37:13+00:00","mainEntityOfPage":{"@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/"},"wordCount":218,"image":{"@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Community.png?fit=1200%2C630","keywords":["application security","Secret Scanning"],"articleSection":["Application security","Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/","url":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/","name":"Remediation made simple: Introducing new validity checks for GitHub tokens - The GitHub 
Blog","isPartOf":{"@id":"https:\/\/github.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/#primaryimage"},"image":{"@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Community.png?fit=1200%2C630","datePublished":"2023-01-19T17:00:43+00:00","dateModified":"2023-01-19T17:37:13+00:00","author":{"@id":"https:\/\/github.blog\/#\/schema\/person\/526e48908177d1efff2adbf80be4882e"},"description":"GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.","breadcrumb":{"@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/#primaryimage","url":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Community.png?fit=1200%2C630","contentUrl":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Community.png?fit=1200%2C630","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/github.blog\/security\/application-security\/remediation-made-simple-introducing-new-validity-checks-for-github-tokens\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/github.blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/github.blog\/s
ecurity\/"},{"@type":"ListItem","position":3,"name":"Application security","item":"https:\/\/github.blog\/security\/application-security\/"},{"@type":"ListItem","position":4,"name":"Remediation made simple: Introducing new validity checks for GitHub tokens"}]},{"@type":"WebSite","@id":"https:\/\/github.blog\/#website","url":"https:\/\/github.blog\/","name":"The GitHub Blog","description":"Updates, ideas, and inspiration from GitHub to help developers build and design software.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/github.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/github.blog\/#\/schema\/person\/526e48908177d1efff2adbf80be4882e","name":"Mariam Sulakian","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1e66c2b7512f8b58864d5ae3c70f3edc596c1c652b7d0e984f6dc4bd497bb3ca?s=96&d=mm&r=g030b047389fc75256c2df9de96e514d5","url":"https:\/\/secure.gravatar.com\/avatar\/1e66c2b7512f8b58864d5ae3c70f3edc596c1c652b7d0e984f6dc4bd497bb3ca?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1e66c2b7512f8b58864d5ae3c70f3edc596c1c652b7d0e984f6dc4bd497bb3ca?s=96&d=mm&r=g","caption":"Mariam 
Sulakian"},"url":"https:\/\/github.blog\/author\/15mariams\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Community.png?fit=1200%2C630","jetpack_shortlink":"https:\/\/wp.me\/pamS32-i6z","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/69599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/users\/1976"}],"replies":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/comments?post=69599"}],"version-history":[{"count":3,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/69599\/revisions"}],"predecessor-version":[{"id":69605,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/69599\/revisions\/69605"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media\/62662"}],"wp:attachment":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media?parent=69599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/categories?post=69599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/tags?post=69599"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/coauthors?post=69599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}