Accessing your security log
The security log lists all actions performed within the last 90 days.
In the upper-right corner of any page, click your profile photo, then click Settings.
In the "Archives" section of the sidebar, click Security log.
Searching your security log
The name for each audit log entry is composed of the
action object or category qualifier, followed by an operation type. For example, the
repo.create entry refers to the
create operation on the
Each audit log entry shows applicable information about an event, such as:
- The enterprise or organization an action was performed in
- The user (actor) who performed the action
- The user affected by the action
- Which repository an action was performed in
- The action that was performed
- Which country the action took place in
- The date and time the action occurred
Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as
<, match the same format as searching across GitHub Enterprise Server. For more information, see "About searching on GitHub."
Search based on operation
operation qualifier to limit actions to specific types of operations. For example:
operation:accessfinds all events where a resource was accessed.
operation:authenticationfinds all events where an authentication event was performed.
operation:createfinds all events where a resource was created.
operation:modifyfinds all events where an existing resource was modified.
operation:removefinds all events where an existing resource was removed.
operation:restorefinds all events where an existing resource was restored.
operation:transferfinds all events where an existing resource was transferred.
Search based on repository
repo qualifier to limit actions to a specific repository. For example:
repo:my-org/our-repofinds all events that occurred for the
our-reporepository in the
repo:my-org/our-repo repo:my-org/another-repofinds all events that occurred for both the
another-reporepositories in the
-repo:my-org/not-this-repoexcludes all events that occurred for the
not-this-reporepository in the
Note that you must include the account name within the
repo qualifier; searching for just
repo:our-repo will not work.
Search based on the user
actor qualifier can scope events based on who performed the action. For example:
actor:octocatfinds all events performed by
actor:octocat actor:hubotfinds all events performed by
-actor:hubotexcludes all events performed by
Note that you can only use a GitHub Enterprise Server username, not an individual's real name.
Search based on the action performed
The events listed in your security log are triggered by your actions. Actions are grouped into different categories. For the full list of events in each category, see "Security log events."
|Contains all activities related to OAuth Apps you've connected with.|
|Contains all activities related to your profile picture.|
|Contains all activities related to project boards.|
|Contains all activities related to your public SSH keys.|
|Contains all activities related to the repositories you own.|
|Contains all activities related to teams you are a part of.|
|Contains all activities related to two-factor authentication.|
|Contains all activities related to your account.|