fix(github): GitHub Personal Access Token authentication fails without user:email scope (#8580)

This commit is contained in:
Andoni Alonso
2025-08-27 09:57:32 +02:00
committed by GitHub
parent 26a4dd4e8d
commit 65e7e89d61
3 changed files with 24 additions and 5 deletions
@@ -11,7 +11,7 @@ This guide explains how to set up authentication with GitHub for Prowler. The do
### 1. Personal Access Token (PAT)
Personal Access Tokens provide the simplest GitHub authentication method and support individual user authentication or testing scenarios.
Personal Access Tokens provide the simplest GitHub authentication method, but it can only access resources owned by a single user or organization.
???+ warning "Classic Tokens Deprecated"
GitHub has deprecated Personal Access Tokens (classic) in favor of fine-grained Personal Access Tokens. We recommend using fine-grained tokens as they provide better security through more granular permissions and resource-specific access control.
@@ -186,7 +186,10 @@ GitHub Apps provide the recommended integration method for accessing multiple re
- **Account permissions**:
- Email addresses (Read)
4. **Generate Private Key**
4. **Where can this GitHub App be installed?**
- Select "Any account" to be able to install the GitHub App in any organization.
5. **Generate Private Key**
- Scroll to the "Private keys" section after app creation
- Click "Generate a private key"
- Download the `.pem` file and store securely