Reviewing your security log
You can review the security log for your user account to better understand actions you've performed and actions others have performed that involve you.
The security log lists all actions performed within the last 90 days.
In the upper-right corner of any page, click your profile photo, then click Settings.
In the user settings sidebar, click Security log.
The log lists the following information about each action:
- Which repository an action was performed in
- The user that performed the action
- The action that was performed
- Which country the action took place in
- The date and time the action occurred
Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as
<, match the same format as searching across GitHub. For more information, see "Searching on GitHub."
operation qualifier to limit actions to specific types of operations. For example:
operation:access finds all events where a resource was accessed.
operation:authentication finds all events where an authentication event was performed.
operation:create finds all events where a resource was created.
operation:modify finds all events where an existing resource was modified.
operation:remove finds all events where an existing resource was removed.
operation:restore finds all events where an existing resource was restored.
operation:transfer finds all events where an existing resource was transferred.
repo qualifier to limit actions to a specific repository. For example:
repo:my-org/our-repo finds all events that occurred for the
our-repo repository in the
repo:my-org/our-repo repo:my-org/another-repo finds all events that occurred for both the
another-repo repositories in the
-repo:my-org/not-this-repo excludes all events that occurred for the
not-this-repo repository in the
Note that you must include the account name within the
repo qualifier; searching for just
repo:our-repo will not work.
actor qualifier can scope events based on who performed the action. For example:
actor:octocat finds all events performed by
actor:octocat actor:hubot finds all events performed by both
-actor:hubot excludes all events performed by
Note that you can only use a GitHub username, not an individual's real name.
The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:
You can export the log as JSON data or a comma-separated value (CSV) file.
To filter the results in your export, search by one or more of these supported qualifiers before using the Export drop-down menu.
After you export the log as JSON or CSV, you'll see the following keys and values in the resulting file.
|1429548104000 (Timestamp shows the time since Epoch with milliseconds.)|
|["issues", "issue_comment", "pull_request", "pull_request_review_comment"]|
|["push", "pull_request", "issues"]|
An overview of some of the most common actions that are recorded as events in the security log.
|Triggered when you sign the GitHub Marketplace Developer Agreement.|
|Triggered when your listing is approved for inclusion in GitHub Marketplace.|
|Triggered when you create a listing for your app in GitHub Marketplace.|
|Triggered when your listing is removed from GitHub Marketplace.|
|Triggered when your listing is sent back to draft state.|
|Triggered when your listing is not accepted for inclusion in GitHub Marketplace.|
|Triggered when a payment method on file is removed.|
|Triggered when a new payment method is added, such as a new credit card or PayPal account.|
|Triggered when an existing payment method is updated.|
|Triggered when a project board's visibility is changed.|
|Triggered when a project board is created.|
|Triggered when a project board is renamed.|
|Triggered when a project board is updated.|
|Triggered when a project board is deleted.|
|Triggered when a repository is linked to a project board.|
|Triggered when a repository is unlinked from a project board.|
|Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed.|
|Triggered when two-factor authentication is enabled.|
|Triggered when two-factor authentication is disabled.|
|Triggered when you set or change the status on your profile. For more information, see "Setting a status."|
|Triggered when you clear the status on your profile.|