You can review the security log for your personal account to better understand actions you've performed and actions others have performed that involve you.
Accessing your security log
The security log lists all actions performed within the last 90 days.
In the upper-right corner of any page, click your profile photo, then click Settings.
In the "Archives" section of the sidebar, click Security log.
Searching your security log
The name for each audit log entry is composed of the action object or category qualifier, followed by an operation type. For example, the repo.create entry refers to the create operation on the repo category.
Each audit log entry shows applicable information about an event, such as:
The enterprise or organization an action was performed in
The user (actor) who performed the action
The user affected by the action
Which repository an action was performed in
The action that was performed
Which country the action took place in
The date and time the action occurred
Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as -, >, or <, match the same format as searching across GitHub Enterprise Cloud. For more information, see "Searching on GitHub."
Search based on operation
Use the operation qualifier to limit actions to specific types of operations. For example:
operation:access finds all events where a resource was accessed.
operation:authentication finds all events where an authentication event was performed.
operation:create finds all events where a resource was created.
operation:modify finds all events where an existing resource was modified.
operation:remove finds all events where an existing resource was removed.
operation:restore finds all events where an existing resource was restored.
operation:transfer finds all events where an existing resource was transferred.
Search based on repository
Use the repo qualifier to limit actions to a specific repository. For example:
repo:my-org/our-repo finds all events that occurred for the our-repo repository in the my-org organization.
repo:my-org/our-repo repo:my-org/another-repo finds all events that occurred for both the our-repo and another-repo repositories in the my-org organization.
-repo:my-org/not-this-repo excludes all events that occurred for the not-this-repo repository in the my-org organization.
Note that you must include the account name within the repo qualifier; searching for just repo:our-repo will not work.
Search based on the user
The actor qualifier can scope events based on who performed the action. For example:
actor:octocat finds all events performed by octocat.
actor:octocat actor:hubot finds all events performed by both octocat and hubot.
-actor:hubot excludes all events performed by hubot.
Note that you can only use a GitHub Enterprise Cloud username, not an individual's real name.
Search based on the action performed
The events listed in your security log are triggered by your actions. Actions are grouped into the following categories: