GitHub OAuth Apps Security: How to protect yourself against GitHub/OAuth Apps supply chain attacks
GitHub's security alert of April 15th, which described attackers using stolen OAuth user tokens issued to third-party integrators, showed how a single compromised integration gives an attacker a fast path into every organization whose members authorized it. The key difference between an OAuth App and a GitHub App is the permission model: an OAuth App acts as the authorizing user, with coarse scopes such as `repo` that cover every repository that user can reach, and its token stays valid until the user revokes it; a GitHub App is installed on selected repositories with per-resource permissions (for example contents, issues, members) at read or write level and uses short-lived installation tokens, so a compromised app exposes far less. The post therefore recommends GitHub Apps for both operational stability and reduced blast radius. Even so, many apps, of either kind, request far more access than they need, which is a risk in itself. Companies should review which apps are authorized and installed, what scopes and permissions each one holds, and consider tools such as Arnica to mitigate software supply chain risk.
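The permission review recommended above can be scripted. The following Python is an added example, not Arnica's code or GitHub's: it expands an OAuth token's effective scopes from the `X-OAuth-Scopes` response header that GitHub returns on API calls, flags the scopes that grant broad write or admin rights, and audits the JSON body of `GET /orgs/{org}/installations` against an allowlist of permission levels. The `HIGH_RISK_SCOPES` set, the `ORG_POLICY` allowlist and the sample installation payload are assumptions constructed for the example (the scope hierarchy is a subset of GitHub's documented one).

```python
"""Audit GitHub integration permissions from API responses (added example).

OAuth App tokens carry coarse scopes reported in the X-OAuth-Scopes header;
GitHub App installations carry per-resource permission levels returned by
GET /orgs/{org}/installations. The policy below is an assumption, not a
GitHub default.
"""
from __future__ import annotations

# Parent scope -> scopes it implies (subset of GitHub's documented hierarchy).
SCOPE_IMPLIES: dict[str, set[str]] = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"},
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
    "admin:public_key": {"write:public_key", "read:public_key"},
    "write:public_key": {"read:public_key"},
    "user": {"read:user", "user:email", "user:follow"},
    "write:packages": {"read:packages"},
}

# Assumed risk list: scopes that grant write/admin rights across everything the user can reach.
HIGH_RISK_SCOPES = {
    "repo", "admin:org", "admin:repo_hook", "admin:org_hook", "delete_repo",
    "workflow", "write:packages", "delete:packages", "admin:public_key", "admin:gpg_key",
}

LEVEL_RANK = {"read": 1, "write": 2, "admin": 3}

# Assumed org policy: permission name -> highest level allowed for any installed app.
ORG_POLICY = {"metadata": "read", "contents": "read", "checks": "write"}

# Constructed sample in the shape of GET /orgs/{org}/installations (not real data).
SAMPLE_INSTALLATIONS = {
    "total_count": 2,
    "installations": [
        {"id": 1, "app_slug": "ci-runner", "repository_selection": "selected",
         "permissions": {"metadata": "read", "contents": "read", "checks": "write"}},
        {"id": 2, "app_slug": "code-scanner", "repository_selection": "all",
         "permissions": {"metadata": "read", "contents": "write", "administration": "write"}},
    ],
}


def expand_scopes(scope_header: str) -> set[str]:
    """Expand a comma-separated X-OAuth-Scopes value into the effective scope set."""
    effective = {s.strip() for s in scope_header.split(",") if s.strip()}
    pending = list(effective)
    while pending:  # walk the hierarchy until no new implied scope appears
        implied = SCOPE_IMPLIES.get(pending.pop(), set()) - effective
        effective |= implied
        pending.extend(implied)
    return effective


def audit_oauth_scopes(scope_header: str) -> list[str]:
    """Return, sorted, the high-risk scopes an OAuth token effectively holds."""
    return sorted(expand_scopes(scope_header) & HIGH_RISK_SCOPES)


def audit_installations(payload: dict, policy: dict[str, str]) -> list[str]:
    """Flag GitHub App installations whose permissions exceed `policy`.

    A permission absent from `policy` is not allowed at any level, and an
    installation granted to all repositories is flagged as well.
    """
    findings: list[str] = []
    for inst in payload.get("installations", []):
        app = inst.get("app_slug", "?")
        if inst.get("repository_selection") == "all":
            findings.append(f"{app}: installed on all repositories, prefer selected repos")
        for perm, level in sorted(inst.get("permissions", {}).items()):
            allowed = policy.get(perm)
            if allowed is None or LEVEL_RANK.get(level, 0) > LEVEL_RANK[allowed]:
                findings.append(f"{app}: {perm}={level} exceeds policy ({allowed or 'not allowed'})")
    return findings


if __name__ == "__main__":
    # A token authorized with "read:user, repo" reads as harmless but holds full repo write.
    print("OAuth high-risk scopes:", audit_oauth_scopes("read:user, repo"))
    for line in audit_installations(SAMPLE_INSTALLATIONS, ORG_POLICY):
        print("installation finding:", line)
```

In practice the scope header comes from any authenticated API response made with the OAuth token under review, and the installation payload from the org installations endpoint with an admin token; the point the output makes is that a single `repo` scope, which users grant routinely, is equivalent to write access on every repository they can see, while the GitHub App findings name the exact resource and level to push back on.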
Company
Arnica
Date published
April 11, 2022
Author(s)
Nir Valtman
Word count
460
Hacker News points
9
Language
English