The security log lists all actions performed within the last 90 days.
In the upper-right corner of any page, click your profile photo, then click Settings.
In the user settings sidebar, click Security log.
The log lists the following information about each action:
- Which repository an action was performed in
- The user that performed the action
- The action that was performed
- Which country the action took place in
- The date and time the action occurred
Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as
<, match the same format as searching across GitHub Enterprise. For more information, see "Searching on GitHub."
operation qualifier to limit actions to specific types of operations. For example:
operation:accessfinds all events where a resource was accessed.
operation:authenticationfinds all events where an authentication event was performed.
operation:createfinds all events where a resource was created.
operation:modifyfinds all events where an existing resource was modified.
operation:removefinds all events where an existing resource was removed.
operation:restorefinds all events where an existing resource was restored.
operation:transferfinds all events where an existing resource was transferred.
repo qualifier to limit actions to a specific repository. For example:
repo:my-org/our-repofinds all events that occurred for the
our-reporepository in the
repo:my-org/our-repo repo:my-org/another-repofinds all events that occurred for both the
another-reporepositories in the
-repo:my-org/not-this-repoexcludes all events that occurred for the
not-this-reporepository in the
Note that you must include the account name within the
repo qualifier; searching for just
repo:our-repo will not work.
actor qualifier can scope events based on who performed the action. For example:
actor:octocatfinds all events performed by
actor:octocat actor:hubotfinds all events performed by both
-actor:hubotexcludes all events performed by
Note that you can only use a GitHub Enterprise username, not an individual's real name.
|Contains all activities related to OAuth Apps you've connected with.|
|Contains all activities related to your profile picture.|
|Contains all activities related to project boards.|
|Contains all activities related to your public SSH keys.|
|Contains all activities related to the repositories you own.|
|Contains all activities related to teams you are a part of.|
|Contains all activities related to two-factor authentication.|
|Contains all activities related to your account.|
A description of the events within these categories is listed below.
|create||Triggered when you grant access to an OAuth App.|
|destroy||Triggered when you revoke an OAuth App's access to your account.|
|update||Triggered when you set or update your profile picture.|
|Triggered when a project board is created.|
|Triggered when a project board is renamed.|
|Triggered when a project board is updated.|
|Triggered when a project board is deleted.|
|Triggered when a repository is linked to a project board.|
|Triggered when a repository is unlinked from a project board.|
|Triggered when a project board's visibility is changed.|
|Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed.|
|create||Triggered when you add a new public SSH key to your GitHub Enterprise account.|
|delete||Triggered when you remove a public SSH key to your GitHub Enterprise account.|
|access||Triggered when you a repository you own is switched from "private" to "public" (or vice versa).|
|add_member||Triggered when a GitHub Enterprise user is given collaboration access to a repository.|
|add_topic||Triggered when a repository owner adds a topic to a repository.|
|archived||Triggered when a repository owner archives a repository.|
|config.disable_anonymous_git_access||Triggered when anonymous Git read access is disabled in a public repository.|
|config.enable_anonymous_git_access||Triggered when anonymous Git read access is enabled in a public repository.|
|config.lock_anonymous_git_access||Triggered when a repository's anonymous Git read access setting is locked.|
|config.unlock_anonymous_git_access||Triggered when a repository's anonymous Git read access setting is unlocked.|
|create||Triggered when a new repository is created.|
|destroy||Triggered when a repository is deleted.|
|remove_member||Triggered when a GitHub Enterprise user is removed from a repository as a collaborator.|
|remove_topic||Triggered when a repository owner removes a topic from a repository.|
|rename||Triggered when a repository is renamed.|
|transfer||Triggered when a repository is transferred.|
|transfer_start||Triggered when a repository transfer is about to occur.|
|unarchived||Triggered when a repository owner unarchives a repository.|
|add_member||Triggered when a member of an organization you belong to adds you to a team.|
|add_repository||Triggered when a team you are a member of is given control of a repository.|
|create||Triggered when a new team in an organization you belong to is created.|
|destroy||Triggered when a team you are a member of is deleted from the organization.|
|remove_member||Triggered when a member of an organization is removed from a team you are a member of.|
|remove_repository||Triggered when a repository is no longer under a team's control.|
|enabled||Triggered when two-factor authentication is enabled.|
|disabled||Triggered when two-factor authentication is disabled.|
|add_email||Triggered when you add a new email address.|
|create||Triggered when you create a new user account.|
|remove_email||Triggered when you remove an email address.|
|rename||Triggered when you rename your account.|
|change_password||Triggered when you change your password.|
|forgot_password||Triggered when you ask for a password reset.|
|login||Triggered when you log in to your GitHub Enterprise Server instance.|
|failed_login||Triggered when you failed to log in successfully.|
|two_factor_requested||Triggered when GitHub Enterprise asks you for your two-factor authentication code.|
|show_private_contributions_count||Triggered when you publicize private contributions on your profile.|
|hide_private_contributions_count||Triggered when you hide private contributions on your profile.|
|update||Triggered when you set or change the status on your profile. For more information, see "Setting a status."|
|destroy||Triggered when you clear the status on your profile.|