Nexum

Help guide

Creating a GitHub fine-grained token for Nexum

You only need this if the organization or repositories you're auditing are private. For fully public orgs/users, leave the token field blank — Nexum reads publicly visible data without one.

  1. Go to github.com and make sure you're logged in as someone with access to the org/repos you're auditing.
  2. Click your profile picture (top right) → Settings.
  3. In the left sidebar, scroll down to Developer settings (near the bottom).
  4. Personal access tokens → Fine-grained tokens → Generate new token.
  5. Give it a name you'll recognize later, e.g. "Nexum audit — read only".
  6. Set an expiration — a short one (7 days) is recommended since this token only needs to exist for the audit.
  7. Resource owner: select the organization or account you're auditing.
  8. Repository access: choose only the specific repositories being audited, or "All repositories" only if you genuinely want org-wide visibility.
  9. Under Permissions, grant only what's needed as Read-only (e.g. Administration, Members, Metadata) — never grant any Write permission or account-wide scope.
  10. Click Generate token, then copy the value immediately — GitHub shows it only once.
Creating a GitHub fine-grained token for Nexum
Back to scan