Skip to main content

This version of GitHub Enterprise Server was discontinued on 2024-01-04. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Audit log events for your enterprise

Learn about audit log events recorded for your enterprise.

Who can use this feature

Enterprise owners and site administrators can interact with the audit log.

Notes:

  • This article contains the events available in the latest version of GitHub Enterprise Server. Some of the events may not be available in previous versions.
  • This article contains the events that may appear in the enterprise settings, specifically. The audit log in the site admin dashboard may contain additional events not listed here.
  • This article contains the events that may appear in the audit log for an enterprise. For the events that can appear in a user account's security log or the audit log for an organization, see "Security log events" and "Audit log events for your organization."
  • Webhooks might be a good alternative to the audit log or API polling for certain use cases. Webhooks are a way for GitHub to notify your server when specific events occur for a repository, organization, or enterprise. Compared to the API or searching the audit log, webhooks can be more efficient if you just want to learn and possibly log when certain events occur on your enterprise, organization, or repository. For more information, see "Webhooks documentation."

About audit log events for your enterprise

The name for each audit log entry is composed of a category of events, followed by an operation type. For example, the repo.create entry refers to the create operation on the repo category. The reference information in this article is grouped by categories.

api

ActionDescription
api.requestAn API request was made to a security-significant endpoint for the enterprise. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.

business

ActionDescription
business.add_adminAn enterprise owner was added to an enterprise.
business.add_organizationAn organization was added to an enterprise.
business.advanced_security_policy_updateAn enterprise owner created, updated, or removed a policy for GitHub Advanced Security.
business.clear_actions_settingsAn enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.
business.clear_default_repository_permissionAn enterprise owner cleared the base repository permission policy setting for an enterprise.
business.clear_members_can_create_reposAn enterprise owner cleared a restriction on repository creation in organizations in the enterprise.
business.createAn enterprise was created.
business.disable_source_ip_disclosureDisplay of IP addresses within audit log events for the enterprise was disabled.
business.disable_two_factor_requirementThe requirement for members to have two-factor authentication enabled to access an enterprise was disabled.
business.enable_source_ip_disclosureDisplay of IP addresses within audit log events for the enterprise was enabled.
business.enable_two_factor_requirementThe requirement for members to have two-factor authentication enabled to access an enterprise was enabled.
business.members_can_update_protected_branches.clearAn enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.
business.members_can_update_protected_branches.disableThe ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.
business.members_can_update_protected_branches.enableThe ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.
business.remove_adminAn enterprise owner was removed from an enterprise.
business.remove_organizationAn organization was removed from an enterprise.
business.rename_slugThe slug for the enterprise URL was renamed.
business.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs was changed for an enterprise.
business.sso_responseA SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
business.update_actions_settingsAn enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.
business.update_default_repository_permissionThe base repository permission setting was updated for all organizations in an enterprise.
business.update_member_repository_creation_permissionThe repository creation setting was updated for an enterprise.
business.update_member_repository_invitation_permissionThe policy setting for enterprise members inviting outside collaborators to repositories was updated.

business_advanced_security

ActionDescription
business_advanced_security.disabledGitHub Advanced Security was disabled for your enterprise.
business_advanced_security.disabled_for_new_reposGitHub Advanced Security was disabled for new repositories in your enterprise.
business_advanced_security.enabledGitHub Advanced Security was enabled for your enterprise.
business_advanced_security.enabled_for_new_reposGitHub Advanced Security was enabled for new repositories in your enterprise.

business_dependabot_alerts_new_repos

ActionDescription
business_dependabot_alerts_new_repos.disableDependabot alerts were disabled for new repositories in your enterprise.
business_dependabot_alerts_new_repos.enableDependabot alerts were enabled for new repositories in your enterprise.

business_secret_scanning_automatic_validity_checks

ActionDescription
business_secret_scanning_automatic_validity_checks.disabledAutomatic partner validation checks have been disabled at the business level
business_secret_scanning_automatic_validity_checks.enabledAutomatic partner validation checks have been enabled at the business level

business_secret_scanning_custom_pattern

ActionDescription
business_secret_scanning_custom_pattern.createAn enterprise-level custom pattern was created for secret scanning.
business_secret_scanning_custom_pattern.deleteAn enterprise-level custom pattern was removed from secret scanning.
business_secret_scanning_custom_pattern.publishAn enterprise-level custom pattern was published for secret scanning.
business_secret_scanning_custom_pattern.updateChanges to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.

business_secret_scanning_custom_pattern_push_protection

ActionDescription
business_secret_scanning_custom_pattern_push_protection.disabledPush protection for a custom pattern for secret scanning was disabled for your enterprise.
business_secret_scanning_custom_pattern_push_protection.enabledPush protection for a custom pattern for secret scanning was enabled for your enterprise.

business_secret_scanning

ActionDescription
business_secret_scanning.disableSecret scanning was disabled for your enterprise.
business_secret_scanning.disabled_for_new_reposSecret scanning was disabled for new repositories in your enterprise.
business_secret_scanning.enableSecret scanning was enabled for your enterprise.
business_secret_scanning.enabled_for_new_reposSecret scanning was enabled for new repositories in your enterprise.

business_secret_scanning_push_protection_custom_message

ActionDescription
business_secret_scanning_push_protection_custom_message.disableThe custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.
business_secret_scanning_push_protection_custom_message.enableThe custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.
business_secret_scanning_push_protection_custom_message.updateThe custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.

business_secret_scanning_push_protection

ActionDescription
business_secret_scanning_push_protection.disablePush protection for secret scanning was disabled for your enterprise.
business_secret_scanning_push_protection.disabled_for_new_reposPush protection for secret scanning was disabled for new repositories in your enterprise.
business_secret_scanning_push_protection.enablePush protection for secret scanning was enabled for your enterprise.
business_secret_scanning_push_protection.enabled_for_new_reposPush protection for secret scanning was enabled for new repositories in your enterprise.

checks

ActionDescription
checks.auto_trigger_disabledAutomatic creation of check suites was disabled on a repository in the organization or enterprise.
checks.auto_trigger_enabledAutomatic creation of check suites was enabled on a repository in the organization or enterprise.

custom_property_definition

ActionDescription
custom_property_definition.createA new custom property definition was created.
custom_property_definition.destroyA custom property definition was deleted.
custom_property_definition.updateA custom property definition was updated.

custom_property_value

ActionDescription
custom_property_value.createA repository's custom property value was manually set for the first time.
custom_property_value.destroyA repository's custom property value was deleted.
custom_property_value.updateA repository's custom property value was updated.

discussion_post

ActionDescription
discussion_post.destroyTriggered when a team discussion post is deleted.
discussion_post.updateTriggered when a team discussion post is edited.

discussion_post_reply

ActionDescription
discussion_post_reply.destroyTriggered when a reply to a team discussion post is deleted.
discussion_post_reply.updateTriggered when a reply to a team discussion post is edited.

enterprise_announcement

ActionDescription
enterprise_announcement.createA global announcement banner was created for the enterprise.
enterprise_announcement.destroyA global announcement banner was removed from the enterprise.
enterprise_announcement.updateA global announcement banner was updated for the enterprise.

enterprise_domain

ActionDescription
enterprise_domain.approveA domain was approved for an enterprise.
enterprise_domain.createA domain was added to an enterprise.
enterprise_domain.destroyA domain was removed from an enterprise.
enterprise_domain.verifyA domain was verified for an enterprise.

enterprise

ActionDescription
enterprise.register_self_hosted_runnerA new GitHub Actions self-hosted runner was registered.
enterprise.remove_self_hosted_runnerA GitHub Actions self-hosted runner was removed.
enterprise.runner_group_createdA GitHub Actions self-hosted runner group was created.
enterprise.runner_group_removedA GitHub Actions self-hosted runner group was removed.
enterprise.runner_group_runner_removedThe REST API was used to remove a GitHub Actions self-hosted runner from a group.
enterprise.runner_group_runners_addedA GitHub Actions self-hosted runner was added to a group.
enterprise.runner_group_runners_updatedA GitHub Actions runner group's list of members was updated.
enterprise.runner_group_updatedThe configuration of a GitHub Actions self-hosted runner group was changed.
enterprise.self_hosted_runner_offlineThe GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
enterprise.self_hosted_runner_onlineThe GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
enterprise.self_hosted_runner_updatedThe GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.

git

ActionDescription
git.cloneA repository was cloned.
git.fetchChanges were fetched from a repository.
git.pushChanges were pushed to a repository.

hook

ActionDescription
hook.config_changedA hook's configuration was changed.
hook.createA new hook was added.
hook.destroyA hook was deleted.
hook.events_changedA hook's configured events were changed.

integration

ActionDescription
integration.createAn integration was created.
integration.destroyAn integration was deleted.
integration.manager_addedA member of an enterprise or organization was added as an integration manager.
integration.manager_removedA member of an enterprise or organization was removed from being an integration manager.
integration.transferOwnership of an integration was transferred to another user or organization.

integration_installation

ActionDescription
integration_installation.createAn integration was installed.
integration_installation.destroyAn integration was uninstalled.
integration_installation.repositories_addedRepositories were added to an integration.
integration_installation.repositories_removedRepositories were removed from an integration.
integration_installation.version_updatedPermissions for an integration were updated.

ip_allow_list

ActionDescription
ip_allow_list.disableAn IP allow list was disabled.
ip_allow_list.disable_for_installed_appsAn IP allow list was disabled for installed GitHub Apps.
ip_allow_list.disable_user_level_enforcementIP allow list user level enforcement was disabled.
ip_allow_list.enableAn IP allow list was enabled.
ip_allow_list.enable_for_installed_appsAn IP allow list was enabled for installed GitHub Apps.
ip_allow_list.enable_user_level_enforcementIP allow list user level enforcement was enabled.

ip_allow_list_entry

ActionDescription
ip_allow_list_entry.createAn IP address was added to an IP allow list.
ip_allow_list_entry.destroyAn IP address was deleted from an IP allow list.
ip_allow_list_entry.updateAn IP address or its description was changed.

oauth_application

ActionDescription
oauth_application.createAn OAuth application was created.
oauth_application.destroyAn OAuth application was deleted.
oauth_application.reset_secretThe secret key for an OAuth application was reset.
oauth_application.revoke_tokensToken(s) for an OAuth application were revoked.
oauth_application.transferAn OAuth application was transferred from one account to another.
oauth_application.unsuspendAn OAuth application was unsuspended for a user or organization account.

oauth_authorization

ActionDescription
oauth_authorization.createAn authorization for an OAuth application was created.
oauth_authorization.destroyAn authorization for an OAuth application was deleted.
oauth_authorization.updateAn authorization for an OAuth application was updated.

org

ActionDescription
org.accept_business_invitationAn invitation sent to an organization to join an enterprise was accepted.
org.add_billing_managerA billing manager was added to an organization.
org.add_memberA user joined an organization.
org.advanced_security_disabled_for_new_reposGitHub Advanced Security was disabled for new repositories in an organization.
org.advanced_security_disabled_on_all_reposGitHub Advanced Security was disabled for all repositories in an organization.
org.advanced_security_enabled_for_new_reposGitHub Advanced Security was enabled for new repositories in an organization.
org.advanced_security_enabled_on_all_reposGitHub Advanced Security was enabled for all repositories in an organization.
org.advanced_security_policy_selected_member_disabledAn enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.
org.advanced_security_policy_selected_member_enabledAn enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.
org.async_deleteA user initiated a background job to delete an organization.
org.block_userAn organization owner blocked a user from accessing the organization's repositories.
org.cancel_business_invitationAn invitation for an organization to join an enterprise was revoked
org.cancel_invitationAn invitation sent to a user to join an organization was revoked.
org.codeql_disabledCode scanning using the default setup was disabled for an organization.
org.codeql_enabledCode scanning using the default setup was enabled for an organization.
org.config.disable_collaborators_onlyThe interaction limit for collaborators only for an organization was disabled.
org.config.disable_contributors_onlyThe interaction limit for prior contributors only for an organization was disabled.
org.config.disable_sockpuppet_disallowedThe interaction limit for existing users only for an organization was disabled.
org.config.enable_collaborators_onlyThe interaction limit for collaborators only for an organization was enabled.
org.config.enable_contributors_onlyThe interaction limit for prior contributors only for an organization was enabled.
org.config.enable_sockpuppet_disallowedThe interaction limit for existing users only for an organization was enabled.
org.confirm_business_invitationAn invitation for an organization to join an enterprise was confirmed.
org.createAn organization was created.
org.deleteAn organization was deleted by a user-initiated background job.
org.disable_member_team_creation_permissionTeam creation was limited to owners.
org.disable_reader_discussion_creation_permissionAn organization owner limited discussion creation to users with at least triage permission in an organization.
org.disable_samlSAML single sign-on was disabled for an organization.
org.disable_two_factor_requirementA two-factor authentication requirement was disabled for the organization.
org.display_commenter_full_name_disabledAn organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.
org.display_commenter_full_name_enabledAn organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.
org.enable_member_team_creation_permissionTeam creation by members was allowed.
org.enable_reader_discussion_creation_permissionAn organization owner allowed users with read access to create discussions in an organization
org.enable_samlSAML single sign-on was enabled for the organization.
org.enable_two_factor_requirementTwo-factor authentication is now required for the organization.
org.integration_manager_addedAn organization owner granted a member access to manage all GitHub Apps owned by an organization.
org.integration_manager_removedAn organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.
org.invite_memberA new user was invited to join an organization.
org.invite_to_businessAn organization was invited to join an enterprise.
org.members_can_update_protected_branches.disableThe ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.
org.members_can_update_protected_branches.enableThe ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.
org.recreateAn organization was restored.
org.register_self_hosted_runnerA new self-hosted runner was registered.
org.remove_billing_managerA billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.
org.remove_memberA member was removed from an organization, either manually or due to a two-factor authentication requirement.
org.remove_outside_collaboratorAn outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.
org.remove_self_hosted_runnerA self-hosted runner was removed.
org.renameAn organization was renamed.
org.restore_memberAn organization member was restored.
org.runner_group_createdA self-hosted runner group was created.
org.runner_group_removedA self-hosted runner group was removed.
org.runner_group_runner_removedThe REST API was used to remove a self-hosted runner from a group.
org.runner_group_runners_addedA self-hosted runner was added to a group.
org.runner_group_runners_updatedA runner group's list of members was updated.
org.runner_group_updatedThe configuration of a self-hosted runner group was changed.
org.secret_scanning_custom_pattern_push_protection_disabledPush protection for a custom pattern for secret scanning was disabled for an organization.
org.secret_scanning_custom_pattern_push_protection_enabledPush protection for a custom pattern for secret scanning was enabled for an organization.
org.secret_scanning_push_protection_custom_message_disabledThe custom message triggered by an attempted push to a push-protected repository was disabled for an organization.
org.secret_scanning_push_protection_custom_message_enabledThe custom message triggered by an attempted push to a push-protected repository was enabled for an organization.
org.secret_scanning_push_protection_custom_message_updatedThe custom message triggered by an attempted push to a push-protected repository was updated for an organization.
org.secret_scanning_push_protection_disablePush protection for secret scanning was disabled.
org.secret_scanning_push_protection_enablePush protection for secret scanning was enabled.
org.secret_scanning_push_protection_new_repos_disablePush protection for secret scanning was disabled for all new repositories in the organization.
org.secret_scanning_push_protection_new_repos_enablePush protection for secret scanning was enabled for all new repositories in the organization.
org.self_hosted_runner_offlineThe runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
org.self_hosted_runner_onlineThe runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
org.self_hosted_runner_updatedThe runner application was updated. This event is not included in the JSON/CSV export.
org.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs in an organization was changed.
org.sso_responseA SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
org.transformA user account was converted into an organization.
org.unblock_userA user was unblocked from an organization.
org.update_default_repository_permissionThe default repository permission level for organization members was changed.
org.update_member_repository_creation_permissionThe create repository permission for organization members was changed.
org.update_member_repository_invitation_permissionAn organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
org.update_saml_provider_settingsAn organization's SAML provider settings were updated.
org.update_terms_of_serviceAn organization changed between the Standard Terms of Service and the GitHub Customer Agreement.

org_secret_scanning_automatic_validity_checks

ActionDescription
org_secret_scanning_automatic_validity_checks.disabledAutomatic partner validation checks have been disabled at the organization level
org_secret_scanning_automatic_validity_checks.enabledAutomatic partner validation checks have been enabled at the organization level

org_secret_scanning_custom_pattern

ActionDescription
org_secret_scanning_custom_pattern.createA custom pattern was created for secret scanning in an organization.
org_secret_scanning_custom_pattern.deleteA custom pattern was removed from secret scanning in an organization.
org_secret_scanning_custom_pattern.publishA custom pattern was published for secret scanning in an organization.
org_secret_scanning_custom_pattern.updateChanges to a custom pattern were saved and a dry run was executed for secret scanning in an organization.

organization_domain

ActionDescription
organization_domain.approveA domain was approved for an organization.
organization_domain.createA domain was added to an organization.
organization_domain.destroyA domain was removed from an organization.
organization_domain.verifyA domain was verified for an organization.

packages

ActionDescription
packages.package_deletedAn entire package was deleted.
packages.package_publishedA package was published or republished to an organization.
packages.package_version_deletedA specific package version was deleted.
packages.package_version_publishedA specific package version was published or republished to a package.

protected_branch

ActionDescription
protected_branch.authorized_users_teamsThe users, teams, or integrations allowed to bypass a branch protection were changed.
protected_branch.branch_allowancesA protected branch allowance was given to a specific user, team or integration.
protected_branch.createBranch protection was enabled on a branch.
protected_branch.destroyBranch protection was disabled on a branch.
protected_branch.dismiss_stale_reviewsEnforcement of dismissing stale pull requests was updated on a branch.
protected_branch.dismissal_restricted_users_teamsEnforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.
protected_branch.policy_overrideA branch protection requirement was overridden by a repository administrator.
protected_branch.rejected_ref_updateA branch update attempt was rejected.
protected_branch.update_admin_enforcedBranch protection was enforced for repository administrators.
protected_branch.update_allow_deletions_enforcement_levelBranch deletion was enabled or disabled for a protected branch.
protected_branch.update_allow_force_pushes_enforcement_levelForce pushes were enabled or disabled for a branch.
protected_branch.update_ignore_approvals_from_contributorsIgnoring of approvals from contributors to a pull request was enabled or disabled for a branch.
protected_branch.update_linear_history_requirement_enforcement_levelRequired linear commit history was enabled or disabled for a branch.
protected_branch.update_lock_allows_fetch_and_mergeFork syncing was enabled or disabled for a read-only branch
protected_branch.update_lock_branch_enforcement_levelThe enforcement of a branch lock was updated.
protected_branch.update_nameA branch name pattern was updated for a branch.
protected_branch.update_pull_request_reviews_enforcement_levelEnforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).
protected_branch.update_require_code_owner_reviewEnforcement of required code owner review was updated for a branch.
protected_branch.update_require_last_push_approvalSomeone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.
protected_branch.update_required_approving_review_countEnforcement of the required number of approvals before merging was updated on a branch.
protected_branch.update_required_status_checks_enforcement_levelEnforcement of required status checks was updated for a branch.
protected_branch.update_signature_requirement_enforcement_levelEnforcement of required commit signing was updated for a branch.
protected_branch.update_strict_required_status_checks_policyEnforcement of required status checks was updated for a branch.

public_key

ActionDescription
public_key.createAn SSH key was added to a user account or a deploy key was added to a repository.
public_key.deleteAn SSH key was removed from a user account or a deploy key was removed from a repository.
public_key.unverification_failureA user account's SSH key or a repository's deploy key was unable to be unverified.
public_key.unverifyA user account's SSH key or a repository's deploy key was unverified.
public_key.updateA user account's SSH key or a repository's deploy key was updated.
public_key.verification_failureA user account's SSH key or a repository's deploy key was unable to be verified.
public_key.verifyA user account's SSH key or a repository's deploy key was verified.

pull_request

ActionDescription
pull_request.closeA pull request was closed without being merged.
pull_request.converted_to_draftA pull request was converted to a draft.
pull_request.createA pull request was created.
pull_request.create_review_requestA review was requested on a pull request.
pull_request.in_progressA pull request was marked as in progress.
pull_request.indirect_mergeA pull request was considered merged because the pull request's commits were merged into the target branch.
pull_request.mergeA pull request was merged.
pull_request.ready_for_reviewA pull request was marked as ready for review.
pull_request.remove_review_requestA review request was removed from a pull request.
pull_request.reopenA pull request was reopened after previously being closed.

pull_request_review_comment

ActionDescription
pull_request_review_comment.createA review comment was added to a pull request.
pull_request_review_comment.deleteA review comment on a pull request was deleted.
pull_request_review_comment.updateA review comment on a pull request was changed.

pull_request_review

ActionDescription
pull_request_review.deleteA review on a pull request was deleted.
pull_request_review.dismissA review on a pull request was dismissed.
pull_request_review.submitA review on a pull request was submitted.

repo

ActionDescription
repo.accessThe visibility of a repository changed.
repo.add_memberA collaborator was added to a repository.
repo.add_topicA topic was added to a repository.
repo.advanced_security_disabledGitHub Advanced Security was disabled for a repository.
repo.advanced_security_enabledGitHub Advanced Security was enabled for a repository.
repo.archivedA repository was archived.
repo.change_merge_settingPull request merge options were changed for a repository.
repo.code_scanning_analysis_deletedCode scanning analysis for a repository was deleted.
repo.code_scanning_configuration_for_branch_deletedA code scanning configuration for a branch of a repository was deleted.
repo.codeql_disabledCode scanning using the default setup was disabled for a repository.
repo.codeql_enabledCode scanning using the default setup was enabled for a repository.
repo.config.disable_collaborators_onlyThe interaction limit for collaborators only was disabled.
repo.config.disable_contributors_onlyThe interaction limit for prior contributors only was disabled in a repository.
repo.config.disable_sockpuppet_disallowedThe interaction limit for existing users only was disabled in a repository.
repo.config.enable_collaborators_onlyThe interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
repo.config.enable_contributors_onlyThe interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
repo.config.enable_sockpuppet_disallowedThe interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
repo.createA repository was created.
repo.destroyA repository was deleted.
repo.disk_archiveA repository was archived on disk.
repo.download_zipA source code archive of a repository was downloaded as a ZIP file.
repo.override_unlockThe repository was unlocked.
repo.pages_cnameA GitHub Pages custom domain was modified in a repository.
repo.pages_createA GitHub Pages site was created.
repo.pages_destroyA GitHub Pages site was deleted.
repo.pages_https_redirect_disabledHTTPS redirects were disabled for a GitHub Pages site.
repo.pages_https_redirect_enabledHTTPS redirects were enabled for a GitHub Pages site.
repo.pages_privateA GitHub Pages site visibility was changed to private.
repo.pages_publicA GitHub Pages site visibility was changed to public.
repo.pages_sourceA GitHub Pages source was modified.
repo.register_self_hosted_runnerA new self-hosted runner was registered.
repo.remove_memberA collaborator was removed from a repository.
repo.remove_self_hosted_runnerA self-hosted runner was removed.
repo.remove_topicA topic was removed from a repository.
repo.renameA repository was renamed.
repo.self_hosted_runner_offlineThe runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
repo.self_hosted_runner_onlineThe runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
repo.self_hosted_runner_updatedThe runner application was updated. This event is not included in the JSON/CSV export.
repo.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs in a repository was changed.
repo.staff_unlockAn enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
repo.transferA user accepted a request to receive a transferred repository.
repo.transfer_outgoingA repository was transferred to another repository network.
repo.transfer_startA user sent a request to transfer a repository to another user or organization.
repo.unarchivedA repository was unarchived.
repo.update_actions_access_settingsThe setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
repo.update_actions_settingsA repository administrator changed GitHub Actions policy settings for a repository.
repo.update_memberA user's permission to a repository was changed.

repository_branch_protection_evaluation

ActionDescription
repository_branch_protection_evaluation.disableBranch protections were disabled for the repository.
repository_branch_protection_evaluation.enableBranch protections were enabled for this repository.

repository_invitation

ActionDescription
repository_invitation.acceptAn invitation to join a repository was accepted.
repository_invitation.cancelAn invitation to join a repository was canceled.
repository_invitation.createAn invitation to join a repository was sent.
repository_invitation.rejectAn invitation to join a repository was declined.

repository_ruleset

ActionDescription
repository_ruleset.createA repository ruleset was created.
repository_ruleset.destroyA repository ruleset was deleted.
repository_ruleset.updateA repository ruleset was edited.

repository_secret_scanning_automatic_validity_checks

ActionDescription
repository_secret_scanning_automatic_validity_checks.disabledAutomatic partner validation checks have been disabled at the repository level
repository_secret_scanning_automatic_validity_checks.enabledAutomatic partner validation checks have been enabled at the repository level

repository_secret_scanning_custom_pattern

ActionDescription
repository_secret_scanning_custom_pattern.createA custom pattern was created for secret scanning in a repository.
repository_secret_scanning_custom_pattern.deleteA custom pattern was removed from secret scanning in a repository.
repository_secret_scanning_custom_pattern.publishA custom pattern was published for secret scanning in a repository.
repository_secret_scanning_custom_pattern.updateChanges to a custom pattern were saved and a dry run was executed for secret scanning in a repository.

repository_secret_scanning_custom_pattern_push_protection

ActionDescription
repository_secret_scanning_custom_pattern_push_protection.disabledPush protection for a custom pattern for secret scanning was disabled for your repository.
repository_secret_scanning_custom_pattern_push_protection.enabledPush protection for a custom pattern for secret scanning was enabled for your repository.

repository_secret_scanning

ActionDescription
repository_secret_scanning.disableSecret scanning was disabled for a repository.
repository_secret_scanning.enableSecret scanning was enabled for a repository.

repository_secret_scanning_push_protection

ActionDescription
repository_secret_scanning_push_protection.disableSecret scanning push protection was disabled for a repository.
repository_secret_scanning_push_protection.enableSecret scanning push protection was enabled for a repository.

restrict_notification_delivery

ActionDescription
restrict_notification_delivery.disableEmail notification restrictions for an organization or enterprise were disabled.
restrict_notification_delivery.enableEmail notification restrictions for an organization or enterprise were enabled.

secret_scanning_alert

ActionDescription
secret_scanning_alert.createGitHub detected a secret and created a secret scanning alert.
secret_scanning_alert.reopenA seret scanning alert was reopened.
secret_scanning_alert.resolveA seret scanning alert was resolved.
secret_scanning_alert.revokeA secret scanning alert was revoked.

secret_scanning

ActionDescription
secret_scanning.disableSecret scanning was disabled for all existing repositories.
secret_scanning.enableSecret scanning was enabled for all existing repositories.

secret_scanning_new_repos

ActionDescription
secret_scanning_new_repos.disableSecret scanning was disabled for all new repositories.
secret_scanning_new_repos.enableSecret scanning was enabled for all new repositories.

secret_scanning_push_protection

ActionDescription
secret_scanning_push_protection.bypassTriggered when a user bypasses the push protection on a secret detected by secret scanning.

security_key

ActionDescription
security_key.registerA security key was registered for an account.
security_key.removeA security key was removed from an account.

ssh_certificate_authority

ActionDescription
ssh_certificate_authority.createAn SSH certificate authority for an organization or enterprise was created.
ssh_certificate_authority.destroyAn SSH certificate authority for an organization or enterprise was deleted.

ssh_certificate_requirement

ActionDescription
ssh_certificate_requirement.disableThe requirement for members to use SSH certificates to access an organization resources was disabled.
ssh_certificate_requirement.enableThe requirement for members to use SSH certificates to access an organization resources was enabled.

staff

ActionDescription
staff.set_domain_token_expirationThe verification code expiry time for an organization or enterprise domain was set.
staff.unverify_domainAn organization or enterprise domain was unverified.
staff.verify_domainAn organization or enterprise domain was verified.

team

ActionDescription
team.add_memberA member of an organization was added to a team.
team.add_repositoryA team was given access and permissions to a repository.
team.change_parent_teamA child team was created or a child team's parent was changed.
team.change_privacyA team's privacy level was changed.
team.createA new team is created.
team.demote_maintainerA user was demoted from a team maintainer to a team member.
team.destroyA team was deleted.
team.promote_maintainerA user was promoted from a team member to a team maintainer.
team.remove_memberAn organization member was removed from a team.
team.remove_repositoryA repository was removed from a team's control.
team.renameA team's name was changed.
team.update_repository_permissionA team's permission to a repository was changed.

team_discussions

ActionDescription
team_discussions.clearAn organization owner cleared the setting to allow team discussions for an organization or enterprise.
team_discussions.disableTeam discussions were disabled for an organization.
team_discussions.enableTeam discussions were enabled for an organization.

team_sync_tenant

ActionDescription
team_sync_tenant.disabledTeam synchronization with a tenant was disabled.
team_sync_tenant.enabledTeam synchronization with a tenant was enabled.

two_factor_authentication

ActionDescription
two_factor_authentication.add_factorA secondary authentication factor was added to a user account.
two_factor_authentication.disabledTwo-factor authentication was disabled for a user account.
two_factor_authentication.enabledTwo-factor authentication was enabled for a user account.
two_factor_authentication.password_reset_fallback_smsA one-time password code was sent to a user account fallback phone number.
two_factor_authentication.recovery_codes_regeneratedTwo factor recovery codes were regenerated for a user account.
two_factor_authentication.remove_factorA secondary authentication factor was removed from a user account.
two_factor_authentication.sign_in_fallback_smsA one-time password code was sent to a user account fallback phone number.
two_factor_authentication.update_fallbackThe two-factor authentication fallback for a user account was changed.

user

ActionDescription
user.add_emailAn email address was added to a user account.
user.async_deleteAn asynchronous job was started to destroy a user account, eventually triggering a user.delete event.
user.block_userA user was blocked by another user.
user.change_passwordA user changed their password.
user.createA new user account was created.
user.creation_rate_limit_exceededThe rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.
user.deleteA user account was destroyed by an asynchronous job.
user.demoteA site administrator was demoted to an ordinary user account.
user.destroyA user deleted his or her account, triggering user.async_delete.
user.failed_loginA user tried to sign in with an incorrect username, password, or two-factor authentication code.
user.flag_as_large_scale_contributorA user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.
user.forgot_passwordA user requested a password reset.
user.hide_private_contributions_countA user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.
user.loginA user signed in.
user.logoutA user signed out.
user.minimize_commentA comment made by a user was minimized.
user.promoteAn ordinary user account was promoted to a site administrator.
user.recreateA user's account was restored.
user.remove_emailAn email address was removed from a user account.
user.remove_large_scale_contributor_flagA user account was no longer flagged as a large scale contributor.
user.renameA username was changed.
user.report_contentTriggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.
user.reset_passwordA user reset their account password.
user.show_private_contributions_countA user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown.
user.sign_in_from_unrecognized_deviceA user signed in from an unrecognized device.
user.sign_in_from_unrecognized_device_and_locationA user signed in from an unrecognized device and location.
user.sign_in_from_unrecognized_locationA user signed in from an unrecognized location.
user.suspendA user account was suspended.
user.two_factor_challenge_failureA 2FA challenge issued for a user account failed.
user.two_factor_challenge_successA 2FA challenge issued for a user account succeeded.
user.two_factor_recoverA user used their 2FA recovery codes.
user.two_factor_recovery_codes_downloadedA user downloaded 2FA recovery codes for their account.
user.two_factor_recovery_codes_printedA user printed 2FA recovery codes for their account.
user.two_factor_recovery_codes_viewedA user viewed 2FA recovery codes for their account.
user.two_factor_requestedA user was prompted for a two-factor authentication code.
user.unblock_userA user was unblocked by another user.
user.unminimize_commentA comment made by a user was unminimized.
user.unsuspendA user account was unsuspended.

workflows

ActionDescription
workflows.approve_workflow_jobA workflow job was approved.
workflows.cancel_workflow_runA workflow run was cancelled.
workflows.completed_workflow_runA workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
workflows.created_workflow_runA workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
workflows.delete_workflow_runA workflow run was deleted.
workflows.disable_workflowA workflow was disabled.
workflows.enable_workflowA workflow was enabled, after previously being disabled by disable_workflow.
workflows.prepared_workflow_jobA workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
workflows.reject_workflow_jobA workflow job was rejected.
workflows.rerun_workflow_runA workflow run was re-run.