Skip to main content

Reviewing your security log

You can review the security log for your personal account to better understand actions you've performed and actions others have performed that involve you.

Accessing your security log

The security log lists all actions performed within the last 90 days.

  1. 在任何页面的右上角,单击个人资料照片,然后单击“设置”。

    用户栏中的 Settings 图标

  2. In the "Archives" section of the sidebar, click Security log.

Searching your security log

每个审核日志条目的名称由 action 对象或类别限定符组成,后跟操作类型。 例如,repo.create 条目是指对 repo 类别的 create 操作。

每个审核日志条目都显示有关事件的适用信息,例如:

  • 执行操作的企业或组织
  • 执行操作的用户(参与者)
  • 受操作影响的用户
  • 执行操作的仓库
  • 执行的操作
  • 发生操作的国家/地区
  • 发生操作的日期和时间
  • (可选)执行了操作的用户(执行者)的源 IP 地址

请注意,无法使用文本搜索条目。 但是,您可以使用各种过滤器构建搜索查询。 查询日志时使用的许多运算符,如 -><,与在 GitHub Enterprise Cloud 上搜索时的格式相同。 有关详细信息,请参阅“在 GitHub 上搜索”。

基于操作搜索

使用 operation 限定符将操作限制为特定类型的操作。 例如:

  • operation:access 查找访问过资源的所有事件。
  • operation:authentication 查找执行过身份验证事件的所有事件。
  • operation:create 查找创建过资源的所有事件。
  • operation:modify 查找修改过现有资源的所有事件。
  • operation:remove 查找删除过现有资源的所有事件。
  • operation:restore 查找还原过现有资源的所有事件。
  • operation:transfer 查找传输过现有资源的所有事件。

基于仓库搜索

使用 repo 限定符将操作限制到特定存储库。 例如:

  • repo:my-org/our-repo 查找 my-org 组织中 our-repo 存储库发生的所有事件。
  • repo:my-org/our-repo repo:my-org/another-repo 查找 my-org 组织中 our-repoanother-repo 存储库发生的所有事件。
  • -repo:my-org/not-this-repo 排除 my-org 组织中 not-this-repo 存储库发生的所有事件。

请注意,必须在 repo 限定符包括帐户名称;仅搜索 repo:our-repo 将不起作用。

基于用户搜索

actor 限定符可将事件范围限于执行操作的人员。 例如:

  • actor:octocat 查找 octocat 执行的所有事件。
  • actor:octocat actor:hubot 查找 octocathubot 执行的所有事件。
  • -actor:hubot 排除 hubot 执行的所有事件。

请注意,只能使用 GitHub Enterprise Cloud 用户名,而不是个人的真实姓名。

Search based on the action performed

The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:

Category nameDescription
billingContains all activities related to your billing information.
codespacesContains all activities related to GitHub Codespaces. For more information, see "About Codespaces."
marketplace_agreement_signatureContains all activities related to signing the GitHub Marketplace Developer Agreement.
marketplace_listingContains all activities related to listing apps in GitHub Marketplace.
oauth_accessContains all activities related to OAuth Apps you've connected with.
payment_methodContains all activities related to paying for your GitHub subscription.
profile_pictureContains all activities related to your profile picture.
projectContains all activities related to project boards.
public_keyContains all activities related to your public SSH keys.
repoContains all activities related to the repositories you own.
sponsorsContains all events related to GitHub Sponsors and sponsor buttons (see "About GitHub Sponsors" and "Displaying a sponsor button in your repository")
two_factor_authenticationContains all activities related to two-factor authentication.
userContains all activities related to your account.

Exporting your security log

您可以将日志导出为 JSON 数据或逗号分隔值 (CSV) 文件。

“导出”按钮

若要筛选导出结果,请在使用“导出”下拉菜单之前通过一个或多个支持的限定符进行搜索。

限定符示例值
actionteam.create
actoroctocat
usercodertocat
orgocto-org
repoocto-org/documentation
created2019-06-01

导出日志后,你将在生成的文件中看到以下键和值。

密钥示例值
actionteam.create
actoroctocat
usercodertocat
actor_location.country_codeUS
orgocto-org
repoocto-org/documentation
created_at1429548104000 (Timestamp shows the time since Epoch with milliseconds.)
data.emailoctocat@nowhere.com
data.hook_id245
data.events["issues", "issue_comment", "pull_request", "pull_request_review_comment"]
data.events_were["push", "pull_request", "issues"]
data.target_loginoctocat
data.old_userhubot
data.teamocto-org/engineering

Security log actions

An overview of some of the most common actions that are recorded as events in the security log.

billing category actions

ActionDescription
change_billing_typeTriggered when you change how you pay for GitHub.
change_emailTriggered when you change your email address.

codespaces category actions

ActionDescription
createTriggered when you create a codespace.
resumeTriggered when you resume a suspended codespace.
deleteTriggered when you delete a codespace.
manage_access_and_securityTriggered when you update the repositories a codespace has access to.
trusted_repositories_access_updateTriggered when you change your personal account's access and security setting for Codespaces.

marketplace_agreement_signature category actions

ActionDescription
createTriggered when you sign the GitHub Marketplace Developer Agreement.

marketplace_listing category actions

ActionDescription
approveTriggered when your listing is approved for inclusion in GitHub Marketplace.
createTriggered when you create a listing for your app in GitHub Marketplace.
delistTriggered when your listing is removed from GitHub Marketplace.
redraftTriggered when your listing is sent back to draft state.
rejectTriggered when your listing is not accepted for inclusion in GitHub Marketplace.

oauth_authorization category actions

ActionDescription
createTriggered when you grant access to an OAuth App.
destroyTriggered when you revoke an OAuth App's access to your account and when authorizations are revoked or expire.

payment_method category actions

ActionDescription
createTriggered when a new payment method is added, such as a new credit card or PayPal account.
updateTriggered when an existing payment method is updated.

profile_picture category actions

ActionDescription
updateTriggered when you set or update your profile picture.

project category actions

ActionDescription
accessTriggered when a project board's visibility is changed.
createTriggered when a project board is created.
renameTriggered when a project board is renamed.
updateTriggered when a project board is updated.
deleteTriggered when a project board is deleted.
linkTriggered when a repository is linked to a project board.
unlinkTriggered when a repository is unlinked from a project board.
update_user_permissionTriggered when an outside collaborator is added to or removed from a project board or has their permission level changed.

public_key category actions

ActionDescription
createTriggered when you add a new public SSH key to your account on GitHub.com.
deleteTriggered when you remove a public SSH key to your account on GitHub.com.

repo category actions

ActionDescription
accessTriggered when you a repository you own is switched from "private" to "public" (or vice versa).
add_memberTriggered when a GitHub Enterprise Cloud user is invited to have collaboration access to a repository.
add_topicTriggered when a repository owner adds a topic to a repository.
archivedTriggered when a repository owner archives a repository.
createTriggered when a new repository is created.
destroyTriggered when a repository is deleted.
disableTriggered when a repository is disabled (e.g., for insufficient funds).
download_zipTriggered when a ZIP or TAR archive of a repository is downloaded.
enableTriggered when a repository is re-enabled.
remove_memberTriggered when a GitHub Enterprise Cloud user is removed from a repository as a collaborator.
remove_topicTriggered when a repository owner removes a topic from a repository.
renameTriggered when a repository is renamed.
transferTriggered when a repository is transferred.
transfer_startTriggered when a repository transfer is about to occur.
unarchivedTriggered when a repository owner unarchives a repository.

sponsors category actions

ActionDescription
custom_amount_settings_changeTriggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "Managing your sponsorship tiers")
repo_funding_links_file_actionTriggered when you change the FUNDING file in your repository (see "Displaying a sponsor button in your repository")
sponsor_sponsorship_cancelTriggered when you cancel a sponsorship (see "Downgrading a sponsorship")
sponsor_sponsorship_createTriggered when you sponsor an account (see "Sponsoring an open source contributor")
sponsor_sponsorship_payment_completeTriggered after you sponsor an account and your payment has been processed (see "Sponsoring an open source contributor")
sponsor_sponsorship_preference_changeTriggered when you change whether you receive email updates from a sponsored developer (see "Managing your sponsorship")
sponsor_sponsorship_tier_changeTriggered when you upgrade or downgrade your sponsorship (see "Upgrading a sponsorship" and "Downgrading a sponsorship")
sponsored_developer_approveTriggered when your GitHub Sponsors account is approved (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_createTriggered when your GitHub Sponsors account is created (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_disableTriggered when your GitHub Sponsors account is disabled
sponsored_developer_redraftTriggered when your GitHub Sponsors account is returned to draft state from approved state
sponsored_developer_profile_updateTriggered when you edit your sponsored developer profile (see "Editing your profile details for GitHub Sponsors")
sponsored_developer_request_approvalTriggered when you submit your application for GitHub Sponsors for approval (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_tier_description_updateTriggered when you change the description for a sponsorship tier (see "Managing your sponsorship tiers")
sponsored_developer_update_newsletter_sendTriggered when you send an email update to your sponsors (see "Contacting your sponsors")
waitlist_invite_sponsored_developerTriggered when you are invited to join GitHub Sponsors from the waitlist (see "Setting up GitHub Sponsors for your personal account")
waitlist_joinTriggered when you join the waitlist to become a sponsored developer (see "Setting up GitHub Sponsors for your personal account")

successor_invitation category actions

ActionDescription
acceptTriggered when you accept a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
cancelTriggered when you cancel a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
createTriggered when you create a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
declineTriggered when you decline a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
revokeTriggered when you revoke a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")

two_factor_authentication category actions

ActionDescription
enabledTriggered when two-factor authentication is enabled.
disabledTriggered when two-factor authentication is disabled.

user category actions

ActionDescription
add_emailTriggered when you add a new email address.
codespaces_trusted_repo_access_grantedTriggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.
codespaces_trusted_repo_access_revokedTriggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.
createTriggered when you create a new personal account.
change_passwordTriggered when you change your password.
forgot_passwordTriggered when you ask for a password reset.
hide_private_contributions_countTriggered when you hide private contributions on your profile.
loginTriggered when you log in to GitHub.com.
failed_loginTriggered when you failed to log in successfully.
remove_emailTriggered when you remove an email address.
renameTriggered when you rename your account.
report_contentTriggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.
show_private_contributions_countTriggered when you publicize private contributions on your profile.
two_factor_requestedTriggered when GitHub Enterprise Cloud asks you for your two-factor authentication code.

user_status category actions

ActionDescription
updateTriggered when you set or change the status on your profile. For more information, see "Setting a status."
destroyTriggered when you clear the status on your profile.