For some reason for the single app I had used this for, there was no "Disconnect" button - so I just did the nuke option of deleting the connection right from the main settings page: https://dashboard.heroku.com/account/applications#third-part...

For checking your Github audit logs, you can go directly here (replace ORG_NAME with your own): https://github.com/organizations/<ORG_NAME>/settings/audit-l...

Or from: Organization > Settings > Archive > Logs > Audit Log

I hope we get some more clarity on the extent of this incident soon. We'll rotate our keys anyway but I really hope the attackers did not have access to the ENV vars that are commonly set on Heroku directly.

For many accounts the audit log isn’t going to show some crucial information—git activity. Clone events are only available through the REST API for Enterprise customers.

The GitHub pipeline integration doesn't show up on the third party applications page here: https://dashboard.heroku.com/account/applications#third-part...

I had to remove them one by one.