prowler/docs/tutorials/github/authentication.md

# Github Authentication in Prowler

Prowler supports multiple methods to [authenticate with GitHub](https://docs.github.com/en/rest/authentication/authenticating-to-the-rest-api). These include:

- **Personal Access Token (PAT)**
- **OAuth App Token**
- **GitHub App Credentials**

This flexibility enables scanning and analysis of GitHub accounts, including repositories, organizations, and applications, using the method that best suits the use case.

## Supported Login Methods

Here are the available login methods and their respective flags:

### Personal Access Token (PAT)

Use this method by providing your personal access token directly.

```console
prowler github --personal-access-token pat
```

### OAuth App Token

Authenticate using an OAuth app token.

```console
prowler github --oauth-app-token oauth_token
```

### GitHub App Credentials
Use GitHub App credentials by specifying the App ID and the private key path.

```console
prowler github --github-app-id app_id --github-app-key-path app_key_path
```

### Automatic Login Method Detection

If no login method is explicitly provided, Prowler will automatically attempt to authenticate using environment variables in the following order of precedence:

1. `GITHUB_PERSONAL_ACCESS_TOKEN`
2. `GITHUB_OAUTH_APP_TOKEN`
3. `GITHUB_APP_ID` and `GITHUB_APP_KEY` (where the key is the content of the private key file)

???+ note
    Ensure the corresponding environment variables are set up before running Prowler for automatic detection when not specifying the login method.