Skip to main content
Applies to BloodHound Enterprise and CE

Edge Schema

General Information

The non-traversable GH_CanAccess edge indicates that a personal access token or app installation has been granted access to specific repositories. It is created by Git-HoundPersonalAccessToken and Git-HoundPersonalAccessTokenRequest for PATs, and by Git-HoundAppInstallation for app installations. This edge represents the scope of access granted to a token or app rather than a direct attack path, providing visibility into which repositories are reachable through non-human credentials. It is non-traversable because token and app access does not transitively extend to other principals.