GitHub Advanced Security setting modified
Description
AlphaSOC detected a modification to GitHub Advanced Security settings. These settings involve features such as code scanning, secret scanning, or dependency review. Threat actors may disable or modify them to prevent detection of malicious code, exposed secrets, or vulnerable dependencies they plan to introduce into repositories.
Impact
Modifications to GitHub Advanced Security settings could leave repositories vulnerable to undetected security threats. Disabling these features may allow threat actors to commit malicious code, expose sensitive credentials, or introduce vulnerable dependencies without triggering security alerts.
Severity
| Severity | Condition |
|---|---|
| Low | GitHub Advanced Security setting modified |
Investigation and Remediation
Review GitHub audit logs to identify who made the changes and verify whether they were authorized. Check which specific security features were modified and assess any code changes or commits made after the security settings were altered. If unauthorized, change the credentials of the user who performed the modifications, restore the original security settings, rotate any potentially exposed secrets, and conduct a thorough review of the environment for other signs of potential compromise.
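The triage described above, as an added example (not AlphaSOC's own code): it reads an audit log export in JSON-lines form, reports who changed which setting and when, and lists pushes to the same repository after the change. The action names, the `@timestamp`/`action`/`actor`/`repo` field layout, and the sample events are assumptions; adjust them to your export.

```python
import json
from datetime import datetime, timezone

# Assumed action names for GHAS changes; adjust to the events your audit log emits.
GHAS_ACTIONS = {"repo.advanced_security_disabled",
                "repository_secret_scanning.disable",
                "repository_secret_scanning_push_protection.disable"}

# Constructed sample export (JSON lines); actors, repos and timestamps are made up.
SAMPLE_LOG = """\
{"@timestamp": 1714557600000, "action": "git.push", "actor": "alice", "repo": "example-org/payments"}
{"@timestamp": 1714561200000, "action": "repository_secret_scanning.disable", "actor": "mallory", "repo": "example-org/payments"}
{"@timestamp": 1714561500000, "action": "git.push", "actor": "mallory", "repo": "example-org/payments"}
{"@timestamp": 1714561800000, "action": "git.push", "actor": "bob", "repo": "example-org/website"}
{"@timestamp": 1714565000000, "action": "git.push", "actor": "alice", "repo": "example-org/payments"}
not-json garbage line
"""

def parse_events(text):
    """Parse JSON lines, skipping blank or malformed rows, sorted by time."""
    events = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and {"@timestamp", "action"} <= event.keys():
            events.append(event)
    return sorted(events, key=lambda e: e["@timestamp"])

def triage(text):
    """For each GHAS change, return who/what/when plus later pushes to that repo."""
    events = parse_events(text)
    findings = []
    for i, event in enumerate(events):
        if event["action"] not in GHAS_ACTIONS:
            continue
        pushes = [e for e in events[i + 1:]
                  if e["action"] == "git.push" and e.get("repo") == event.get("repo")]
        when = datetime.fromtimestamp(event["@timestamp"] / 1000, tz=timezone.utc)
        findings.append({
            "actor": event.get("actor"), "repo": event.get("repo"),
            "action": event["action"], "time": when.isoformat(),
            "later_pushes": [(p.get("actor"), p["@timestamp"]) for p in pushes],
        })
    return findings

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Each entry in `later_pushes` is a push to review for introduced secrets, code or dependency changes while the feature was off.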