GitHub Advanced Security setting modified

ID: github_advanced_security_modification
Data type: GitHub
Severity: Low
MITRE ATT&CK: TA0005:T1562

Description

AlphaSOC detected a modification to GitHub Advanced Security settings. These settings involve features such as code scanning, secret scanning, or dependency review. Threat actors may disable or modify them to prevent detection of malicious code, exposed secrets, or vulnerable dependencies they plan to introduce into repositories.

Impact

Modifications to GitHub Advanced Security settings could leave repositories vulnerable to undetected security threats. Disabling these features may allow threat actors to commit malicious code, expose sensitive credentials, or introduce vulnerable dependencies without triggering security alerts.

Severity

Severity | Condition
Low | GitHub Advanced Security setting modified

Investigation and Remediation

Review GitHub audit logs to identify who made the changes and verify if they were authorized. Check which specific security features were modified and assess any code changes or commits made after the security settings were altered. If unauthorized, change the credentials of the user who performed the modifications, restore the original security settings, rotate any potentially exposed secrets, and conduct a thorough review of the environment for other signs of potential compromise.
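
To support the audit log review described above, the following added example (not AlphaSOC's detection logic or code from GitHub) pairs each disable event with the matching re-enable event and reports who made the change and how long the feature was off. It assumes a JSON-lines audit log export with `@timestamp`, `action`, `actor` and `repo` fields and the action names listed in `ACTIONS`; the sample log is constructed.

```python
import json
from datetime import datetime, timezone

# Audit-log actions mapped to (feature, enabled?). Assumed subset; extend it
# to cover the actions that appear in your own export.
ACTIONS = {
    "repo.advanced_security_disabled": ("advanced_security", False),
    "repo.advanced_security_enabled": ("advanced_security", True),
    "repository_secret_scanning.disable": ("secret_scanning", False),
    "repository_secret_scanning.enable": ("secret_scanning", True),
    "repository_secret_scanning_push_protection.disable": ("push_protection", False),
    "repository_secret_scanning_push_protection.enable": ("push_protection", True),
}

# Constructed sample of a JSON-lines audit log export (not real data).
SAMPLE_LOG = """
{"@timestamp": 1700000000000, "action": "repository_secret_scanning.disable", "actor": "dev-a", "repo": "acme/api"}
{"@timestamp": 1700000600000, "action": "repo.add_member", "actor": "dev-a", "repo": "acme/api"}
{"@timestamp": 1700003600000, "action": "repository_secret_scanning.enable", "actor": "sec-admin", "repo": "acme/api"}
{"@timestamp": 1700007200000, "action": "repo.advanced_security_disabled", "actor": "dev-b", "repo": "acme/web"}
"""

def iso(ms):
    """Convert the log's epoch-millisecond timestamp to an ISO 8601 UTC string."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def exposure_windows(log_text):
    """Return one record per period in which a feature was off on a repo.
    'end' stays None when the feature was never re-enabled in the log."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    open_windows, windows = {}, []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        mapped = ACTIONS.get(ev.get("action"))
        if mapped is None:
            continue  # unrelated audit event
        feature, enabled = mapped
        key = (ev.get("repo"), feature)
        if not enabled and key not in open_windows:
            window = {"repo": key[0], "feature": feature, "disabled_by": ev.get("actor"),
                      "start": iso(ev["@timestamp"]), "end": None, "reenabled_by": None}
            open_windows[key] = window
            windows.append(window)
        elif enabled and key in open_windows:
            window = open_windows.pop(key)
            window["end"], window["reenabled_by"] = iso(ev["@timestamp"]), ev.get("actor")
    return windows

if __name__ == "__main__":
    for w in exposure_windows(SAMPLE_LOG):
        print(w)
```

Commits made to a repository between a window's `start` and `end` are the ones to review first; a window with `end` set to `None` means the setting still needs to be restored.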