{"id":72667,"date":"2023-06-26T09:36:07","date_gmt":"2023-06-26T16:36:07","guid":{"rendered":"https:\/\/github.blog\/?p=72667"},"modified":"2026-02-04T14:59:41","modified_gmt":"2026-02-04T22:59:41","slug":"new-tool-to-secure-your-github-actions","status":"publish","type":"post","link":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/","title":{"rendered":"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring"},"content":{"rendered":"<p>We are excited to release a public beta of <a href=\"https:\/\/github.com\/GitHubSecurityLab\/actions-permissions\">actions-permissions<\/a>, a tool which monitors your GitHub Actions workflows and recommends the minimum permissions required to run them.<\/p>\n<p>Every GitHub workflow receives a temporary repository access token (GITHUB_TOKEN). These tokens originally had a very broad set of permissions with full read and write to the repository (except for pull requests from forks). In 2021, we introduced <a href=\"https:\/\/github.blog\/changelog\/2021-04-20-github-actions-control-permissions-for-github_token\/\">a more fine grained permission model<\/a> for workflow tokens and today <a href=\"https:\/\/github.blog\/changelog\/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only\/\">the default permissions for new repositories and organizations are set to read-only<\/a>. However, a significant number of workflows still use a write-all token due to default workflow permission settings without actually requiring write permissions. If you want to check if you are using a broad default permission for your workflow tokens, you can go to the repository (or organization) settings->actions and check the \u201cWorkflow permissions\u201d section:<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" src=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-3.png?w=1024&#038;resize=1024%2C253\" alt=\"A screenshot of the menu for setting your repository&#039;s &quot;Workflow permissions.&quot; This is found under repository settings--actions. Changing this to read-only (the second radio button in the screenshot) is a security best practice.\" width=\"1024\" height=\"253\" class=\"aligncenter size-large wp-image-72668 width-fit\" srcset=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-3.png?w=1600 1600w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-3.png?w=300 300w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-3.png?w=768 768w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-3.png?w=1024 1024w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-3.png?w=1536 1536w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<p>While changing this setting to read-only is a best security practice, it may potentially break existing workflows which currently \u201cjust work\u201d with write-all permissions. Applying the least privilege security principle and assigning the minimal needed permissions for the repository token in every workflow case by case can also be a potentially breaking change because complex workflows may include multiple actions and it is easy to miss a permission required for the workflow to function properly. Because workflows can execute a variety of steps, pending error and success criteria, it is also challenging to uncover the full privilege set required for more complicated workflow definitions.<\/p>\n<p>To help you more smoothly navigate the transition to a least-privilege workflow token model, we have published a set of GitHub Actions that allow you to monitor and enumerate the set of privileges that are required by a given GitHub workflow.<\/p>\n<p>The <a href=\"https:\/\/github.com\/GitHubSecurityLab\/actions-permissions\/tree\/main\/monitor\">Monitor action<\/a> installs a local proxy (no information is sent to any third parties) into your workflow runner, collects information about any GitHub API interactions initiated by the workflow, and then displays the recommended minimal permissions as part of a workflow run summary:<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" src=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-1.png?w=1024&#038;resize=1024%2C871\" alt=\"Screenshot of the output from the Monitor action displaying the minimal required permissions for the given repository.\" width=\"1024\" height=\"871\" class=\"aligncenter size-large wp-image-72669 width-fit\" srcset=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-1.png?w=1540 1540w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-1.png?w=300 300w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-1.png?w=768 768w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-1.png?w=1024 1024w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-1.png?w=1536 1536w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<p>The <a href=\"https:\/\/github.com\/GitHubSecurityLab\/actions-permissions\/tree\/main\/advisor\">Advisor action<\/a>, which you can also use as a local tool, is able to summarize the recommendations from multiple runs of the workflow:<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" src=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-2.png?w=300&#038;resize=300%2C275\" alt=\"\" width=\"300\" height=\"275\" class=\"aligncenter size-medium wp-image-72670 width-fit\" srcset=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-2.png?w=1346 1346w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-2.png?w=300 300w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-2.png?w=768 768w, https:\/\/github.blog\/wp-content\/uploads\/2023\/06\/actions-tool-2.png?w=1024 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Once you apply the recommended permissions in the workflow you can stop using the tools. Any newly required permissions for future iterations of your workflow can be added as needed.<\/p>\n<p>We are excited to make the beta of our permission monitoring GitHub Actions available to you and hope they will help you transition to a more secure workflow permission model. Please give them a try and <a href=\"https:\/\/github.com\/GitHubSecurityLab\/actions-permissions\/discussions\">share your feedback with us<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.<\/p>\n","protected":false},"author":1965,"featured_media":62479,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_gh_post_show_toc":"no","_gh_post_is_no_robots":"no","_gh_post_is_featured":"no","_gh_post_is_excluded":"no","_gh_post_is_unlisted":"no","_gh_post_related_link_1":"","_gh_post_related_link_2":"","_gh_post_related_link_3":"","_gh_post_sq_img":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/GitHub-Security_orange-square-icon-e1644630762962.png","_gh_post_sq_img_id":"62566","_gh_post_cta_title":"","_gh_post_cta_text":"","_gh_post_cta_link":"","_gh_post_cta_button":"Click Here to Learn More","_gh_post_recirc_hide":"no","_gh_post_recirc_col_1":"gh-auto-select","_gh_post_recirc_col_2":"65301","_gh_post_recirc_col_3":"65308","_gh_post_recirc_col_4":"65316","_featured_video":"","_gh_post_additional_query_params":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"_links_to":"","_links_to_target":""},"categories":[91],"tags":[122,1915],"coauthors":[2555],"class_list":["post-72667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-github-actions","tag-github-security-lab"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.7 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring - The GitHub Blog<\/title>\n<meta name=\"description\" content=\"Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring\" \/>\n<meta property=\"og:description\" content=\"Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/\" \/>\n<meta property=\"og:site_name\" content=\"The GitHub Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-26T16:36:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-04T22:59:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Open-Source-Product.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jaroslav Lobacevski\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jaroslav Lobacevski\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/\"},\"author\":{\"name\":\"Jaroslav Lobacevski\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/c35513440c2245110b93e75fdd66f53c\"},\"headline\":\"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring\",\"datePublished\":\"2023-06-26T16:36:07+00:00\",\"dateModified\":\"2026-02-04T22:59:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/\"},\"wordCount\":440,\"image\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/Security-Open-Source-Product.png?fit=1200%2C630\",\"keywords\":[\"GitHub Actions\",\"GitHub Security Lab\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/\",\"url\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/\",\"name\":\"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring - The GitHub Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/Security-Open-Source-Product.png?fit=1200%2C630\",\"datePublished\":\"2023-06-26T16:36:07+00:00\",\"dateModified\":\"2026-02-04T22:59:41+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/c35513440c2245110b93e75fdd66f53c\"},\"description\":\"Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/#primaryimage\",\"url\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/Security-Open-Source-Product.png?fit=1200%2C630\",\"contentUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/Security-Open-Source-Product.png?fit=1200%2C630\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/new-tool-to-secure-your-github-actions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/github.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/github.blog\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/github.blog\\\/#website\",\"url\":\"https:\\\/\\\/github.blog\\\/\",\"name\":\"The GitHub Blog\",\"description\":\"Updates, ideas, and inspiration from GitHub to help developers build and design software.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/github.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/c35513440c2245110b93e75fdd66f53c\",\"name\":\"Jaroslav Lobacevski\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5871cbf884a120beb2ac2705d99a220a1c1946a1d85f33beabaf04895e8c8278?s=96&d=mm&r=g9be0f68ebe9466f6fa1688c1065a98bb\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5871cbf884a120beb2ac2705d99a220a1c1946a1d85f33beabaf04895e8c8278?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5871cbf884a120beb2ac2705d99a220a1c1946a1d85f33beabaf04895e8c8278?s=96&d=mm&r=g\",\"caption\":\"Jaroslav Lobacevski\"},\"url\":\"https:\\\/\\\/github.blog\\\/author\\\/jarlob\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring - The GitHub Blog","description":"Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/","og_locale":"en_US","og_type":"article","og_title":"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring","og_description":"Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.","og_url":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/","og_site_name":"The GitHub Blog","article_published_time":"2023-06-26T16:36:07+00:00","article_modified_time":"2026-02-04T22:59:41+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Open-Source-Product.png","type":"image\/png"}],"author":"Jaroslav Lobacevski","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jaroslav Lobacevski","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/#article","isPartOf":{"@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/"},"author":{"name":"Jaroslav Lobacevski","@id":"https:\/\/github.blog\/#\/schema\/person\/c35513440c2245110b93e75fdd66f53c"},"headline":"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring","datePublished":"2023-06-26T16:36:07+00:00","dateModified":"2026-02-04T22:59:41+00:00","mainEntityOfPage":{"@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/"},"wordCount":440,"image":{"@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Open-Source-Product.png?fit=1200%2C630","keywords":["GitHub Actions","GitHub Security Lab"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/","url":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/","name":"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring - The GitHub Blog","isPartOf":{"@id":"https:\/\/github.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/#primaryimage"},"image":{"@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Open-Source-Product.png?fit=1200%2C630","datePublished":"2023-06-26T16:36:07+00:00","dateModified":"2026-02-04T22:59:41+00:00","author":{"@id":"https:\/\/github.blog\/#\/schema\/person\/c35513440c2245110b93e75fdd66f53c"},"description":"Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.","breadcrumb":{"@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/#primaryimage","url":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Open-Source-Product.png?fit=1200%2C630","contentUrl":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Open-Source-Product.png?fit=1200%2C630","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/github.blog\/security\/new-tool-to-secure-your-github-actions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/github.blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/github.blog\/security\/"},{"@type":"ListItem","position":3,"name":"How to identify and fix overly powerful GitHub Actions permissions using workflow monitoring"}]},{"@type":"WebSite","@id":"https:\/\/github.blog\/#website","url":"https:\/\/github.blog\/","name":"The GitHub Blog","description":"Updates, ideas, and inspiration from GitHub to help developers build and design software.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/github.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/github.blog\/#\/schema\/person\/c35513440c2245110b93e75fdd66f53c","name":"Jaroslav Lobacevski","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5871cbf884a120beb2ac2705d99a220a1c1946a1d85f33beabaf04895e8c8278?s=96&d=mm&r=g9be0f68ebe9466f6fa1688c1065a98bb","url":"https:\/\/secure.gravatar.com\/avatar\/5871cbf884a120beb2ac2705d99a220a1c1946a1d85f33beabaf04895e8c8278?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5871cbf884a120beb2ac2705d99a220a1c1946a1d85f33beabaf04895e8c8278?s=96&d=mm&r=g","caption":"Jaroslav Lobacevski"},"url":"https:\/\/github.blog\/author\/jarlob\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/github.blog\/wp-content\/uploads\/2022\/01\/Security-Open-Source-Product.png?fit=1200%2C630","jetpack_shortlink":"https:\/\/wp.me\/pamS32-iU3","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/72667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/users\/1965"}],"replies":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/comments?post=72667"}],"version-history":[{"count":3,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/72667\/revisions"}],"predecessor-version":[{"id":93651,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/72667\/revisions\/93651"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media\/62479"}],"wp:attachment":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media?parent=72667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/categories?post=72667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/tags?post=72667"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/coauthors?post=72667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}