Tag
personal-access-tokens
Safeguard articles tagged "personal-access-tokens" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Security Guides
GitHub Token Security (2026 Guide)
GitHub tokens are keys to your source, your CI, and often your cloud. This guide covers PATs, fine-grained tokens, GitHub App and Actions tokens — and how to scope, store, and rotate them after the CircleCI and Heroku token thefts.
Jul 3, 20266 min read
Cloud Security
Azure DevOps Personal Access Tokens in 2026: Rotation, Scoping, and Replacement
PATs remain the most common credential leak in Azure DevOps incidents. We trace the patterns that actually reduce risk and the migration paths that retire them entirely.
Apr 17, 20267 min read
Incident Analysis
The GitHub Dependabot Token Incident: Retrospective
In 2023, attackers used stolen GitHub personal access tokens to push malicious commits masquerading as Dependabot; a short-sharp incident with lasting lessons.
Aug 15, 20247 min read