GitHub Token Revocation API Support#43699
GitHub Token Revocation API Support#43699barryyosi-panw merged 13 commits intodemisto:contrib/bowenaguero_masterfrom
Conversation
content-bot
added
Contribution
|
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @kamalq97 will know the proposed changes are ready to be reviewed. |
|
Hi @bowenaguero, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link. |
🤖 AI-Powered Code Review AvailableHi @kamalq97, you can leverage AI-powered code review to assist with this PR! Available Commands:
|
There was a problem hiding this comment.
Pull request overview
Adds support in the GitHub pack integration for GitHub’s credential (token) revocation REST endpoint, exposing it as a new XSOAR command intended for incident response use.
Changes:
- Added
github-revoke-credentialscommand implementation and command routing in the GitHub integration. - Added YAML command definitions (including legacy/deprecated alias) and unit tests for the new command.
- Bumped pack version and added release notes for the new feature.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| Packs/GitHub/pack_metadata.json | Version bump to release the new feature. |
| Packs/GitHub/ReleaseNotes/2_3_0.md | Release note entry describing the new revoke-credentials command. |
| Packs/GitHub/Integrations/GitHub/GitHub_test.py | Added unit tests covering success and validation/error paths for token revocation. |
| Packs/GitHub/Integrations/GitHub/GitHub.yml | Added new command definitions (canonical + deprecated alias) and various argument formatting adjustments. |
| Packs/GitHub/Integrations/GitHub/GitHub.py | Implemented github_revoke_credentials_command and registered it in the commands map. |
Comments suppressed due to low confidence (1)
Packs/GitHub/Integrations/GitHub/GitHub.yml:7268
- In
github-list-workflows, bothworkflowandlimitare marked asisArray: true, but the code expectsworkflowto be a single workflow filename and castslimittoint. If these are provided as lists (as the YAML schema implies), the command will fail (e.g.,int(list)TypeError) or generate invalid URLs. Adjust the argument schemas to match the implementation (non-array scalar values).
- description: The name of your workflow file.
name: workflow
isArray: true
required: true
- description: The number of workflows to return. Default is 100.
isArray: true
name: limit
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| isArray: true | ||
| - description: The name of your workflow file. | ||
| name: workflow | ||
| isArray: true | ||
| required: true | ||
| - description: The number of workflows to return. Default is 100. | ||
| isArray: true |
There was a problem hiding this comment.
In github-list-workflows, the repository argument is marked as isArray: true, but the implementation treats it as a single string when constructing the URL. This can cause invalid URLs if a list is passed. Update the YAML argument definition to not be an array (consistent with other workflow commands).
| isArray: true | |
| - description: The name of your workflow file. | |
| name: workflow | |
| isArray: true | |
| required: true | |
| - description: The number of workflows to return. Default is 100. | |
| isArray: true | |
| - description: The name of your workflow file. | |
| name: workflow | |
| required: true | |
| - description: The number of workflows to return. Default is 100. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
content-bot
added
Community
Contribution Form Filled
barryyosi-panw
added
the
ready-for-ai-review
marketplace-ai-reviewer
removed
the
ready-for-ai-review
|
🤖 Analysis started. Please wait for results... |
🤖 AI Review DisclaimerThis review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause. |
marketplace-ai-reviewer
left a comment
marketplace-ai-reviewer
left a comment
There was a problem hiding this comment.
Thanks for your contribution to the GitHub pack! I've reviewed your changes and found a few minor issues to address. Please check the integration code for a potential AttributeError on successful API responses and ensure the ghs_ prefix is used for server-to-server tokens. Finally, make sure to add 'GitHub' to the keywords list in the pack metadata. Let me know if you have any questions!
Additionally, please address the following file-level notes:
Packs/GitHub/pack_metadata.json: The vendor name 'GitHub' must be included in thekeywordslist.
@barryyosi-panw, @copilot-pull-request-reviewer[bot] please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
There was a problem hiding this comment.
Please avoid unnecessary, cosmetic changes.
There was a problem hiding this comment.
This is addressed in my most recent commit
|
|
barryyosi-panw
added
the
ready-for-instance-test
|
Looks good to me! |
|
For the Reviewer: Trigger build request has been accepted for this contribution PR. |
|
For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/8137787 |
content-bot
removed
the
ready-for-instance-test
|
Validate summary Verdict: PR can be force merged from validate perspective? ❌ |
Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>
Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>
barryyosi-panw
merged commit 90c9918
into
demisto:contrib/bowenaguero_master
|
Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days. |
* GitHub Token Revocation API Support (#43699) * feat: Add github-revoke-credentials command for token revocation * update release notes and pack_metadata * Update release notes and formatting * Update Packs/GitHub/Integrations/GitHub/GitHub.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update Packs/GitHub/ReleaseNotes/2_3_0.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Changed version bump from minor to revision * Fix broken test * run pre-commit * Removed the unecessary deprecated command and made credentials a "secret" * Remove unnecessary cosmetic changes * Update Packs/GitHub/Integrations/GitHub/GitHub.yml Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/GitHub/ReleaseNotes/2_2_6.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Bump pack from version GitHub to 2.2.7. * Update README.md: Add GitHub credential revocation API endpoint and revoke �[K credentials command details --------- Co-authored-by: Bowen Aguero <127001006+bowenaguero@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: barryyosi-panw <byosilevich@paloaltonetworks.com>
* GitHub Token Revocation API Support (#43699) * feat: Add github-revoke-credentials command for token revocation * update release notes and pack_metadata * Update release notes and formatting * Update Packs/GitHub/Integrations/GitHub/GitHub.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update Packs/GitHub/ReleaseNotes/2_3_0.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Changed version bump from minor to revision * Fix broken test * run pre-commit * Removed the unecessary deprecated command and made credentials a "secret" * Remove unnecessary cosmetic changes * Update Packs/GitHub/Integrations/GitHub/GitHub.yml Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/GitHub/ReleaseNotes/2_2_6.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Bump pack from version GitHub to 2.2.7. * Update README.md: Add GitHub credential revocation API endpoint and revoke �[K credentials command details --------- Co-authored-by: Bowen Aguero <127001006+bowenaguero@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: barryyosi-panw <byosilevich@paloaltonetworks.com>
* GitHub Token Revocation API Support (demisto#43699) * feat: Add github-revoke-credentials command for token revocation * update release notes and pack_metadata * Update release notes and formatting * Update Packs/GitHub/Integrations/GitHub/GitHub.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update Packs/GitHub/ReleaseNotes/2_3_0.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Changed version bump from minor to revision * Fix broken test * run pre-commit * Removed the unecessary deprecated command and made credentials a "secret" * Remove unnecessary cosmetic changes * Update Packs/GitHub/Integrations/GitHub/GitHub.yml Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/GitHub/ReleaseNotes/2_2_6.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Bump pack from version GitHub to 2.2.7. * Update README.md: Add GitHub credential revocation API endpoint and revoke �[K credentials command details --------- Co-authored-by: Bowen Aguero <127001006+bowenaguero@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: barryyosi-panw <byosilevich@paloaltonetworks.com>
Adds support to the GitHub marketplace integration for the token revocation REST API endpoint. This is a newly introduced feature from GitHub.
Introduces a command that, when invoked with one or more valid GH access tokens as a provided argument, submits a revocation request to GitHub for the tokens.
Useful for IR scenarios where internal tokens have been leaked or exposed to the public and need immediate remediation.
Feature Release:
https://github.blog/changelog/2026-03-26-credential-revocation-api-now-supports-github-oauth-and-github-app-credentials/
Background:
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation#token-revoked-by-a-third-party
API Docs:
https://docs.github.com/en/rest/credentials/revoke?apiVersion=2026-03-10
relates: https://jira-dc.paloaltonetworks.com/browse/CIAC-16393