Overview
GitHub, owned by Microsoft since 2018, operates AS36459 but increasingly delegates services to Azure-backed infrastructure. The /meta API returns categorized ranges so customers can configure firewalls precisely — only allow webhook traffic from GitHub’s webhook ranges, only allow CI runners to connect to private resources, etc.
Services on these IPs
Sections in the meta JSON include: hooks (webhook delivery), web (github.com web UI), api (api.github.com), git (git+ssh server), importer (legacy SVN/HG import), actions (CI runner egress), packages (npm/Docker package registries), dependabot, pages (custom domain serving).
How to detect GitHub IPs
Reverse DNS returns *.github.com or *.githubusercontent.com. AS36459 is GitHub-specific. For very precise checks, fetch /meta and match against the relevant section.
When this matters
Self-hosted webhooks restrict ingress to GitHub’s "hooks" range. Enterprise firewalls allow GitHub Actions runners to reach internal artifacts. SOC teams trace data exfiltration through GitHub Actions or Gists.
Caveats
GitHub Actions runners are increasingly Azure-hosted — some Actions traffic appears from AS8075 (Microsoft) rather than AS36459. Use the API’s actions section explicitly. Note that 185.199.108.0/22 serves BOTH web and GitHub Pages traffic.