Skip to main content

Review the events recorded in an enterprise's audit log.

Who can use this feature?

Enterprise owners

In this article

Note

This article lists events that may appear in the audit log for an enterprise. For the events that can appear in a user account's security log or the audit log for an organization, see "Security log events" and "Audit log events for your organization."

What types of events are included?

  • Without Enterprise Managed Users, the audit log only includes events related to the enterprise account and the organizations within it.
  • With Enterprise Managed Users, the audit log also includes user events, which are not listed here. For that list, see "Security log events."

account

ActionDescription
account.plan_changeThe account's plan changed.

actions_cache

ActionDescription
actions_cache.deleteA GitHub Actions cache was deleted using the REST API.

advisory_credit

ActionDescription
advisory_credit.acceptCredit was accepted for a security advisory.
advisory_credit.createSomeone was added to the credit section of a security advisory.
advisory_credit.declineCredit was declined for a security advisory.
advisory_credit.destroySomeone was removed from the credit section of a security advisory.

api

ActionDescription
api.requestAn API request was made to an endpoint for the enterprise, or an enterprise owned resource. This event is only included if API Request Events is enabled in the enterprise's audit log settings. This event is only available via audit log streaming.

artifact

ActionDescription
artifact.destroyA workflow run artifact was manually deleted.

audit_log_streaming

ActionDescription
audit_log_streaming.checkA manual check of the endpoint configured for audit log streaming was performed.
audit_log_streaming.createAn endpoint was added for audit log streaming.
audit_log_streaming.destroyAn audit log streaming endpoint was deleted.
audit_log_streaming.updateAn endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled.

auto_approve_personal_access_token_requests

ActionDescription
auto_approve_personal_access_token_requests.disableTriggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled
auto_approve_personal_access_token_requests.enableTriggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled

billing

ActionDescription
billing.change_billing_typeThe way the account pays for GitHub was changed.
billing.change_emailThe billing email address changed.

business

ActionDescription
business.add_adminAn enterprise owner was added to an enterprise.
business.add_billing_managerA billing manager was added to an enterprise.
business.add_organizationAn organization was added to an enterprise.
business.add_support_entitleeA support entitlement was added to a member of an enterprise.
business.advanced_security_policy_updateAn enterprise owner created, updated, or removed a policy for GitHub Advanced Security.
business.audit_log_exportAn export of the enterprise audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.
business.audit_log_git_event_exportAn export of the enterprise's Git events was created.
business.cancel_admin_invitationAn invitation for someone to be an owner of an enterprise was canceled.
business.cancel_billing_manager_invitationAn invitation for someone to be an billing manager of an enterprise was canceled.
business.cancel_trialThe trial of GitHub Enterprise Cloud was canceled.
business.change_seats_plan_typeThe seats plan type was changed for an enterprise.
business.clear_actions_settingsAn enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise.
business.clear_default_repository_permissionAn enterprise owner cleared the base repository permission policy setting for an enterprise.
business.clear_members_can_create_reposAn enterprise owner cleared a restriction on repository creation in organizations in the enterprise.
business.code_scanning_autofix_policy_updateThe policy for Code scanning autofix was updated for an enterprise.
business.code_scanning_autofix_third_party_tools_policy_updateThe policy for Code scanning autofix third party tools was updated for an enterprise.
business.connect_usage_metrics_exportServer statistics were exported for the enterprise.
business.convert_trialThe enterprise account on a trial of GitHub Enterprise Cloud was upgraded to a paid enterprise account.
business.createAn enterprise was created.
business.create_trialA trial of GitHub Enterprise Cloud began.
business.deleteThe enterprise was deleted.
business.disable_oidcOIDC single sign-on was disabled for an enterprise.
business.disable_open_scimSCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.
business.disable_samlSAML single sign-on was disabled for an enterprise.
business.disable_source_ip_disclosureDisplay of IP addresses within audit log events for the enterprise was disabled.
business.disable_two_factor_requirementThe requirement for members to have two-factor authentication enabled to access an enterprise was disabled.
business.enable_oidcOIDC single sign-on was enabled for an enterprise.
business.enable_open_scimSCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.
business.enable_samlSAML single sign-on was enabled for an enterprise.
business.enable_source_ip_disclosureDisplay of IP addresses within audit log events for the enterprise was enabled.
business.enable_two_factor_requirementThe requirement for members to have two-factor authentication enabled to access an enterprise was enabled.
business.enterprise_server_license_downloadA GitHub Enterprise Server license was downloaded.
business.expire_trialThe trial of GitHub Enterprise Cloud expired.
business.import_license_usageLicense usage information was imported from a GitHub Enterprise Server instance to an enterprise account on GitHub.com.
business.invite_adminAn invitation for someone to be an enterprise owner of an enterprise was sent.
business.invite_billing_managerAn invitation for someone to be an billing manager of an enterprise was sent.
business.members_can_update_protected_branches.clearAn enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.
business.members_can_update_protected_branches.disableThe ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.
business.members_can_update_protected_branches.enableThe ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.
business.recovery_code_failedAn enterprise owner failed to sign into a enterprise with an external identity provider (IdP) using a recovery code.
business.recovery_code_usedAn enterprise owner successfully signed into an enterprise with an external identity provider (IdP) using a recovery code.
business.recovery_codes_downloadedAn enterprise owner downloaded the enterprise's SSO recovery codes.
business.recovery_codes_generatedAn enterprise owner generated the enterprise's SSO recovery codes.
business.recovery_codes_printedAn enterprise owner printed the enterprise's SSO recovery codes.
business.recovery_codes_viewedAn enterprise owner viewed the enterprise's SSO recovery codes.
business.remove_adminAn enterprise owner was removed from an enterprise.
business.remove_billing_managerA billing manager was removed from an enterprise.
business.remove_memberA member was removed from an enterprise.
business.remove_organizationAn organization was removed from an enterprise.
business.remove_support_entitleeA support entitlement was removed from a member of an enterprise.
business.rename_slugThe slug for the enterprise URL was renamed.
business.restoreThe deleted enterprise was restored.
business.revoke_external_identityThe external identity for a member in an enterprise was revoked.
business.revoke_sso_sessionThe SAML single sign-on session for a member in an enterprise was revoked.
business.security_center_export_code_scanning_metricsA CSV export was requested on the "CodeQL pull request alerts" page.
business.security_center_export_coverageA CSV export was requested on the "Coverage" page.
business.security_center_export_overview_dashboardA CSV export was requested on the "Overview Dashboard" page.
business.security_center_export_riskA CSV export was requested on the "Risk" page.
business.set_actions_fork_pr_approvals_policyThe policy for requiring approvals for workflows from public forks was changed for an enterprise.
business.set_actions_private_fork_pr_approvals_policyThe policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.
business.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs was changed for an enterprise.
business.set_default_workflow_permissionsThe default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.
business.set_fork_pr_workflows_policyThe policy for fork pull request workflows was changed for an enterprise.
business.set_workflow_permission_can_approve_prThe policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.
business.sso_responseA SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
business.update_actions_settingsAn enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise.
business.update_default_repository_permissionThe base repository permission setting was updated for all organizations in an enterprise.
business.update_member_repository_creation_permissionThe repository creation setting was updated for an enterprise.
business.update_member_repository_invitation_permissionThe policy setting for enterprise members inviting outside collaborators to repositories was updated.
business.update_saml_provider_settingsThe SAML single sign-on provider settings for an enterprise were updated.
business.upgrade_from_organizationThe organization was upgraded to an enterprise account.

business_advanced_security

ActionDescription
business_advanced_security.disabledGitHub Advanced Security was disabled for your enterprise.
business_advanced_security.disabled_for_new_reposGitHub Advanced Security was disabled for new repositories in your enterprise.
business_advanced_security.disabled_for_new_user_namespace_reposGitHub Advanced Security was disabled for new user namespace repositories in your enterprise.
business_advanced_security.enabledGitHub Advanced Security was enabled for your enterprise.
business_advanced_security.enabled_for_new_reposGitHub Advanced Security was enabled for new repositories in your enterprise.
business_advanced_security.enabled_for_new_user_namespace_reposGitHub Advanced Security was enabled for new user namespace repositories in your enterprise.
business_advanced_security.user_namespace_repos_disabledGitHub Advanced Security was disabled for user namespace repositories in your enterprise.
business_advanced_security.user_namespace_repos_enabledGitHub Advanced Security was enabled for user namespace repositories in your enterprise.

business_dependabot_alerts

ActionDescription
business_dependabot_alerts.disableDependabot alerts were disabled for your enterprise.
business_dependabot_alerts.enableDependabot alerts were enabled for your enterprise.

business_dependabot_alerts_new_repos

ActionDescription
business_dependabot_alerts_new_repos.disableDependabot alerts were disabled for new repositories in your enterprise.
business_dependabot_alerts_new_repos.enableDependabot alerts were enabled for new repositories in your enterprise.

business_secret_scanning_automatic_validity_checks

ActionDescription
business_secret_scanning_automatic_validity_checks.disabledAutomatic partner validation checks have been disabled at the business level
business_secret_scanning_automatic_validity_checks.enabledAutomatic partner validation checks have been enabled at the business level

business_secret_scanning_custom_pattern

ActionDescription
business_secret_scanning_custom_pattern.createAn enterprise-level custom pattern was created for secret scanning.
business_secret_scanning_custom_pattern.deleteAn enterprise-level custom pattern was removed from secret scanning.
business_secret_scanning_custom_pattern.publishAn enterprise-level custom pattern was published for secret scanning.
business_secret_scanning_custom_pattern.updateChanges to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning.

business_secret_scanning_custom_pattern_push_protection

ActionDescription
business_secret_scanning_custom_pattern_push_protection.disabledPush protection for a custom pattern for secret scanning was disabled for your enterprise.
business_secret_scanning_custom_pattern_push_protection.enabledPush protection for a custom pattern for secret scanning was enabled for your enterprise.

business_secret_scanning

ActionDescription
business_secret_scanning.disableSecret scanning was disabled for your enterprise.
business_secret_scanning.disabled_for_new_reposSecret scanning was disabled for new repositories in your enterprise.
business_secret_scanning.enableSecret scanning was enabled for your enterprise.
business_secret_scanning.enabled_for_new_reposSecret scanning was enabled for new repositories in your enterprise.

business_secret_scanning_generic_secrets

ActionDescription
business_secret_scanning_generic_secrets.disabledGeneric secrets have been disabled at the business level
business_secret_scanning_generic_secrets.enabledGeneric secrets have been enabled at the business level

business_secret_scanning_non_provider_patterns

ActionDescription
business_secret_scanning_non_provider_patterns.disabledSecret scanning for non-provider patterns was disabled at the enterprise level.
business_secret_scanning_non_provider_patterns.enabledSecret scanning for non-provider patterns was enabled at the enterprise level.

business_secret_scanning_push_protection_custom_message

ActionDescription
business_secret_scanning_push_protection_custom_message.disableThe custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.
business_secret_scanning_push_protection_custom_message.enableThe custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise.
business_secret_scanning_push_protection_custom_message.updateThe custom message triggered by an attempted push to a push-protected repository was updated for your enterprise.

business_secret_scanning_push_protection

ActionDescription
business_secret_scanning_push_protection.disablePush protection for secret scanning was disabled for your enterprise.
business_secret_scanning_push_protection.disabled_for_new_reposPush protection for secret scanning was disabled for new repositories in your enterprise.
business_secret_scanning_push_protection.enablePush protection for secret scanning was enabled for your enterprise.
business_secret_scanning_push_protection.enabled_for_new_reposPush protection for secret scanning was enabled for new repositories in your enterprise.

checks

ActionDescription
checks.auto_trigger_disabledAutomatic creation of check suites was disabled on a repository in the organization or enterprise.
checks.auto_trigger_enabledAutomatic creation of check suites was enabled on a repository in the organization or enterprise.
checks.delete_logsLogs in a check suite were deleted.

code

ActionDescription
code.searchA code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.

codespaces

ActionDescription
codespaces.allow_permissionsA codespace using custom permissions from its devcontainer.json file was launched.
codespaces.attempted_to_create_from_prebuildAn attempt to create a codespace from a prebuild was made.
codespaces.business_enablement_updatedEnterprise setting for Codespaces ownership was updated.
codespaces.connectCredentials for a codespace were refreshed.
codespaces.createA codespace was created
codespaces.destroyA user deleted a codespace.
codespaces.export_environmentA codespace was exported to a branch on GitHub.
codespaces.policy_group_createdPolicies were applied to codespaces in an organization or enterprise.
codespaces.policy_group_deletedPolicies were removed from codespaces in an organization or enterprise.
codespaces.policy_group_updatedPolicies were updated for codespaces in an organization or enterprise.
codespaces.restoreA codespace was restored.
codespaces.start_environmentA codespace was started.
codespaces.suspend_environmentA codespace was stopped.
codespaces.trusted_repositories_access_updateA personal account's access and security setting for Codespaces were updated.

commit_comment

ActionDescription
commit_comment.destroyA commit comment was deleted.
commit_comment.updateA commit comment was updated.

copilot

ActionDescription
copilot.access_revokedCopilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.
copilot.cfb_enterprise_org_enablement_changedThe Copilot enablement policy changed at the enterprise level to either allow or disable access for all organizations, or to allow access for selected organizations.
copilot.cfb_enterprise_settings_changedCopilot feature settings were changed at the enterprise level.
copilot.cfb_org_settings_changedCopilot feature settings were changed at the organization level.
copilot.cfb_seat_addedA Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
copilot.cfb_seat_assignment_createdA Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
copilot.cfb_seat_assignment_refreshedA seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
copilot.cfb_seat_assignment_reusedA Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
copilot.cfb_seat_assignment_unassignedA user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
copilot.cfb_seat_cancelledA user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
copilot.cfb_seat_cancelled_by_staffA user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.
copilot.cfb_seat_management_changedThe seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.
copilot.clickwrap_save_eventThe GitHub Copilot Product Terms or Pre-Release Preview Terms were accepted.
copilot.content_exclusion_changedThe excluded paths for GitHub Copilot were updated.
copilot.enterprise_enablement_changedCopilot access was enabled or disabled at the enterprise level.
copilot.knowledge_base_createdA knowledge base was created in the organization.
copilot.knowledge_base_deletedA knowledge base was deleted from the organization.
copilot.knowledge_base_updatedA knowledge base was updated in the organization.
copilot.plan_changedThe plan for GitHub Copilot was updated.
copilot.plan_downgrade_scheduledThe plan for GitHub Copilot was scheduled to be downgraded.

custom_property_definition

ActionDescription
custom_property_definition.createA new custom property definition was created.
custom_property_definition.destroyA custom property definition was deleted.
custom_property_definition.updateA custom property definition was updated.

custom_property_value

ActionDescription
custom_property_value.createA repository's custom property value was manually set for the first time.
custom_property_value.destroyA repository's custom property value was deleted.
custom_property_value.updateA repository's custom property value was updated.

dependabot_alerts

ActionDescription
dependabot_alerts.disableDependabot alerts were disabled for all existing repositories.
dependabot_alerts.enableDependabot alerts were enabled for all existing repositories.

dependabot_alerts_new_repos

ActionDescription
dependabot_alerts_new_repos.disableDependabot alerts were disabled for all new repositories.
dependabot_alerts_new_repos.enableDependabot alerts were enabled for all new repositories.

dependabot_repository_access

ActionDescription
dependabot_repository_access.repositories_updatedThe repositories that Dependabot can access were updated.

dependabot_security_updates

ActionDescription
dependabot_security_updates.disableDependabot security updates were disabled for all existing repositories.
dependabot_security_updates.enableDependabot security updates were enabled for all existing repositories.

dependabot_security_updates_new_repos

ActionDescription
dependabot_security_updates_new_repos.disable Dependabot security updates were disabled for all new repositories.
dependabot_security_updates_new_repos.enableDependabot security updates were enabled for all new repositories.

dependency_graph

ActionDescription
dependency_graph.disableThe dependency graph was disabled for all existing repositories.
dependency_graph.enableThe dependency graph was enabled for all existing repositories.

dependency_graph_new_repos

ActionDescription
dependency_graph_new_repos.disableThe dependency graph was disabled for all new repositories.
dependency_graph_new_repos.enableThe dependency graph was enabled for all new repositories.

discussion_post

ActionDescription
discussion_post.destroyTriggered when a team discussion post is deleted.
discussion_post.updateTriggered when a team discussion post is edited.

discussion_post_reply

ActionDescription
discussion_post_reply.destroyTriggered when a reply to a team discussion post is deleted.
discussion_post_reply.updateTriggered when a reply to a team discussion post is edited.

enterprise_announcement

ActionDescription
enterprise_announcement.createA global announcement banner was created for the enterprise.
enterprise_announcement.destroyA global announcement banner was removed from the enterprise.
enterprise_announcement.updateA global announcement banner was updated for the enterprise.

enterprise_domain

ActionDescription
enterprise_domain.approveA domain was approved for an enterprise.
enterprise_domain.createA domain was added to an enterprise.
enterprise_domain.destroyA domain was removed from an enterprise.
enterprise_domain.verifyA domain was verified for an enterprise.

enterprise_installation

ActionDescription
enterprise_installation.createThe GitHub App associated with a GitHub Connect connection was created.
enterprise_installation.destroyThe GitHub App associated with a GitHub Connect connection was deleted.

enterprise

ActionDescription
enterprise.register_self_hosted_runnerA new GitHub Actions self-hosted runner was registered.
enterprise.remove_self_hosted_runnerA GitHub Actions self-hosted runner was removed.
enterprise.runner_group_createdA GitHub Actions self-hosted runner group was created.
enterprise.runner_group_removedA GitHub Actions self-hosted runner group was removed.
enterprise.runner_group_renamedA GitHub Actions self-hosted runner group was renamed.
enterprise.runner_group_runner_removedThe REST API was used to remove a GitHub Actions self-hosted runner from a group.
enterprise.runner_group_runners_addedA GitHub Actions self-hosted runner was added to a group.
enterprise.runner_group_runners_updatedA GitHub Actions runner group's list of members was updated.
enterprise.runner_group_updatedThe configuration of a GitHub Actions self-hosted runner group was changed.
enterprise.runner_group_visiblity_updatedThe visibility of a GitHub Actions self-hosted runner group was updated via the REST API.
enterprise.self_hosted_runner_offlineThe GitHub Actions runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
enterprise.self_hosted_runner_onlineThe GitHub Actions runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
enterprise.self_hosted_runner_updatedThe GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.

enterprise_team

ActionDescription
enterprise_team.add_memberA new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.
enterprise_team.copilot_assignmentA license for GitHub Copilot was assigned to an enterprise team.
enterprise_team.copilot_unassignmentA license for GitHub Copilot was unassigned from an enterprise team.
enterprise_team.createA new enterprise team was created.
enterprise_team.destroyAn enterprise team was deleted.
enterprise_team.remove_memberA member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.
enterprise_team.renameThe name of an enterprise team was changed.

environment

ActionDescription
environment.add_protection_ruleA GitHub Actions deployment protection rule was created via the API.
environment.create_actions_secretA secret was created for a GitHub Actions environment.
environment.create_actions_variableA variable was created for a GitHub Actions environment.
environment.deleteAn environment was deleted.
environment.remove_actions_secretA secret was deleted for a GitHub Actions environment.
environment.remove_actions_variableA variable was deleted for a GitHub Actions environment.
environment.remove_protection_ruleA GitHub Actions deployment protection rule was deleted via the API.
environment.update_actions_secretA secret was updated for a GitHub Actions environment.
environment.update_actions_variableA variable was updated for a GitHub Actions environment.
environment.update_protection_ruleA GitHub Actions deployment protection rule was updated via the API.

external_group

ActionDescription
external_group.add_memberA user was added to an external group.
external_group.deleteAn external group was deleted.
external_group.linkAn external group was linked to a GitHub team.
external_group.provisionAn external group was created.
external_group.remove_memberA user was removed from an external group.
external_group.scim_api_failureFailed external group SCIM API request.
external_group.scim_api_successSuccessful external group SCIM API request. Excludes GET API requests.
external_group.unlinkAn external group was unlinked to a GitHub team.
external_group.updateAn external group was updated.
external_group.update_display_nameAn external group's display name was updated.

external_identity

ActionDescription
external_identity.deprovisionAn external identity was deprovisioned, suspending the linked GitHub user.
external_identity.provisionAn external identity was created and linked to a GitHub user.
external_identity.scim_api_failureFailed external identity SCIM API request.
external_identity.scim_api_successSuccessful external identity SCIM API request. Excludes GET API requests.
external_identity.updateAn external identity was updated.

git

ActionDescription
git.cloneA repository was cloned.
git.fetchChanges were fetched from a repository.
git.pushChanges were pushed to a repository.

hook

ActionDescription
hook.active_changedA hook's active status was updated.
hook.config_changedA hook's configuration was changed.
hook.createA new hook was added.
hook.destroyA hook was deleted.
hook.events_changedA hook's configured events were changed.

integration

ActionDescription
integration.createA GitHub App was created.
integration.destroyA GitHub App was deleted.
integration.manager_addedA member of an enterprise or organization was added as a GitHub App manager.
integration.manager_removedA member of an enterprise or organization was removed from being a GitHub App manager.
integration.remove_client_secretA client secret for a GitHub App was removed.
integration.revoke_all_tokensAll user tokens for a GitHub App were requested to be revoked.
integration.revoke_tokensToken(s) for a GitHub App were revoked.
integration.suspendA GitHub App was suspended.
integration.transferOwnership of a GitHub App was transferred to another user or organization.
integration.unsuspendA GitHub App was unsuspended.

integration_installation

ActionDescription
integration_installation.createA GitHub App was installed.
integration_installation.destroyA GitHub App was uninstalled.
integration_installation.repositories_addedRepositories were added to a GitHub App.
integration_installation.repositories_removedRepositories were removed from a GitHub App.
integration_installation.suspendA GitHub App was suspended.
integration_installation.unsuspendA GitHub App was unsuspended.
integration_installation.version_updatedPermissions for a GitHub App were updated.

integration_installation_request

ActionDescription
integration_installation_request.closeA request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.
integration_installation_request.createA member requested that an owner install a GitHub App.

ip_allow_list

ActionDescription
ip_allow_list.disableAn IP allow list was disabled.
ip_allow_list.disable_for_installed_appsAn IP allow list was disabled for installed GitHub Apps.
ip_allow_list.disable_idp_ip_allowlist_for_webIdentity Provider based IP allow list for web interactions was disabled.
ip_allow_list.disable_user_level_enforcementIP allow list user level enforcement was disabled.
ip_allow_list.enableAn IP allow list was enabled.
ip_allow_list.enable_for_installed_appsAn IP allow list was enabled for installed GitHub Apps.
ip_allow_list.enable_idp_ip_allowlist_for_webIdentity Provider based IP allow list for web interactions was enabled.
ip_allow_list.enable_user_level_enforcementIP allow list user level enforcement was enabled.

ip_allow_list_entry

ActionDescription
ip_allow_list_entry.createAn IP address was added to an IP allow list.
ip_allow_list_entry.destroyAn IP address was deleted from an IP allow list.
ip_allow_list_entry.updateAn IP address or its description was changed.

issue_comment

ActionDescription
issue_comment.destroyA comment on an issue was deleted from the repository.
issue_comment.updateA comment on an issue (other than the initial one) changed.

issue

ActionDescription
issue.destroyAn issue was deleted from the repository.
issue.pinnedAn issue was pinned to a repository.
issue.transferAn issue was transferred to another repository.
issue.unpinnedAn issue was unpinned from a repository.

issues

ActionDescription
issues.deletes_disabledThe ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.
issues.deletes_enabledThe ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.
issues.deletes_policy_clearedAn enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.

marketplace_agreement_signature

ActionDescription
marketplace_agreement_signature.createThe GitHub Marketplace Developer Agreement was signed.

marketplace_listing

ActionDescription
marketplace_listing.approveA listing was approved for inclusion in GitHub Marketplace.
marketplace_listing.change_categoryA category for a listing for an app in GitHub Marketplace was changed.
marketplace_listing.createA listing for an app in GitHub Marketplace was created.
marketplace_listing.delistA listing was removed from GitHub Marketplace.
marketplace_listing.redraftA listing was sent back to draft state.
marketplace_listing.rejectA listing was not accepted for inclusion in GitHub Marketplace.

members_can_create_pages

ActionDescription
members_can_create_pages.disableThe ability for members to publish GitHub Pages sites was disabled.
members_can_create_pages.enableThe ability for members to publish GitHub Pages sites was enabled.

members_can_create_public_pages

ActionDescription
members_can_create_public_pages.disableThe ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.
members_can_create_public_pages.enableThe ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.

members_can_delete_repos

ActionDescription
members_can_delete_repos.clearAn enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.
members_can_delete_repos.disableThe ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.
members_can_delete_repos.enableThe ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.

members_can_view_dependency_insights

ActionDescription
members_can_view_dependency_insights.clearAn enterprise owner cleared the policy setting for viewing dependency insights in any organizations in an enterprise.
members_can_view_dependency_insights.disableThe ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.
members_can_view_dependency_insights.enableThe ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.

migration

ActionDescription
migration.createA migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
migration.destroy_fileA migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.
migration.downloadA migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.

network_configuration

ActionDescription
network_configuration.createA network configuration for a hosted compute service was created.
network_configuration.deleteA network configuration for a hosted compute service was deleted.
network_configuration.updateA network configuration for a hosted compute service was updated.

oauth_application

ActionDescription
oauth_application.createAn OAuth application was created.
oauth_application.destroyAn OAuth application was deleted.
oauth_application.generate_client_secretAn OAuth application's secret key was generated.
oauth_application.remove_client_secretAn OAuth application's secret key was deleted.
oauth_application.reset_secretThe secret key for an OAuth application was reset.
oauth_application.revoke_all_tokensAll user tokens for an OAuth application were requested to be revoked.
oauth_application.revoke_tokensToken(s) for an OAuth application were revoked.
oauth_application.transferAn OAuth application was transferred from one account to another.

org

ActionDescription
org.accept_business_invitationAn invitation sent to an organization to join an enterprise was accepted.
org.add_billing_managerA billing manager was added to an organization.
org.add_memberA user joined an organization.
org.add_outside_collaboratorAn outside collaborator was added to a repository.
org.advanced_security_disabled_for_new_reposGitHub Advanced Security was disabled for new repositories in an organization.
org.advanced_security_disabled_on_all_reposGitHub Advanced Security was disabled for all repositories in an organization.
org.advanced_security_enabled_for_new_reposGitHub Advanced Security was enabled for new repositories in an organization.
org.advanced_security_enabled_on_all_reposGitHub Advanced Security was enabled for all repositories in an organization.
org.advanced_security_policy_selected_member_disabledAn enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.
org.advanced_security_policy_selected_member_enabledAn enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.
org.audit_log_exportAn export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.
org.audit_log_git_event_exportAn export of the organization's Git events was created.
org.block_userAn organization owner blocked a user from accessing the organization's repositories.
org.cancel_business_invitationAn invitation for an organization to join an enterprise was revoked
org.cancel_invitationAn invitation sent to a user to join an organization was revoked.
org.code_scanning_autofix_disabledAutofix for code scanning alerts was disabled for an organization.
org.code_scanning_autofix_enabledAutofix for code scanning alerts was enabled for an organization.
org.code_scanning_autofix_third_party_tools_disabledAutofix for third party tools for code scanning alerts was disabled for an organization.
org.code_scanning_autofix_third_party_tools_enabledAutofix for third party tools for code scanning alerts was enabled for an organization.
org.codeql_disabledCode scanning using the default setup was disabled for an organization.
org.codeql_enabledCode scanning using the default setup was enabled for an organization.
org.codespaces_access_updatedAccess to use Codespaces on internal and private repositories was updated for an organization.
org.codespaces_ownership_updatedOwnership and payment for codespaces was updated for an organization.
org.codespaces_team_access_allowedA team has been allowed to use Codespaces for an organization.
org.codespaces_team_access_revokedA team has been prevented from using Codespaces for an organization.
org.codespaces_trusted_repo_access_grantedGitHub Codespaces was granted trusted repository access to all other repositories in an organization.
org.codespaces_trusted_repo_access_revokedGitHub Codespaces trusted repository access to all other repositories in an organization was revoked.
org.codespaces_user_access_allowedA user has been allowed to use Codespaces for an organization.
org.codespaces_user_access_revokedA user has been prevented from using Codespaces for an organization.
org.config.disable_collaborators_onlyThe interaction limit for collaborators only for an organization was disabled.
org.config.disable_contributors_onlyThe interaction limit for prior contributors only for an organization was disabled.
org.config.disable_sockpuppet_disallowedThe interaction limit for existing users only for an organization was disabled.
org.config.enable_collaborators_onlyThe interaction limit for collaborators only for an organization was enabled.
org.config.enable_contributors_onlyThe interaction limit for prior contributors only for an organization was enabled.
org.config.enable_sockpuppet_disallowedThe interaction limit for existing users only for an organization was enabled.
org.confirm_business_invitationAn invitation for an organization to join an enterprise was confirmed.
org.createAn organization was created.
org.create_actions_secretA GitHub Actions secret was created for an organization.
org.create_actions_variableA GitHub Actions variable was created for an organization.
org.create_integration_secretA Codespaces or Dependabot secret was created for an organization.
org.deleteAn organization was deleted by a user or staff.
org.disable_member_team_creation_permissionTeam creation was limited to owners.
org.disable_oauth_app_restrictionsThird-party application access restrictions for an organization were disabled.
org.disable_reader_discussion_creation_permissionAn organization owner limited discussion creation to users with at least triage permission in an organization.
org.disable_samlSAML single sign-on was disabled for an organization.
org.disable_two_factor_requirementA two-factor authentication requirement was disabled for the organization.
org.display_commenter_full_name_disabledAn organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.
org.display_commenter_full_name_enabledAn organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.
org.enable_member_team_creation_permissionTeam creation by members was allowed.
org.enable_oauth_app_restrictionsThird-party application access restrictions for an organization were enabled.
org.enable_reader_discussion_creation_permissionAn organization owner allowed users with read access to create discussions in an organization
org.enable_samlSAML single sign-on was enabled for the organization.
org.enable_two_factor_requirementTwo-factor authentication is now required for the organization.
org.integration_manager_addedAn organization owner granted a member access to manage all GitHub Apps owned by an organization.
org.integration_manager_removedAn organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.
org.invite_memberA new user was invited to join an organization.
org.invite_to_businessAn organization was invited to join an enterprise.
org.members_can_update_protected_branches.disableThe ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.
org.members_can_update_protected_branches.enableThe ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.
org.oauth_app_access_approvedAccess to an organization was granted for an OAuth App.
org.oauth_app_access_deniedAccess was disabled for an OAuth App that was previously approved.
org.oauth_app_access_requestedAn organization member requested that an owner grant an OAuth App access to an organization.
org.recovery_code_failedAn organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.
org.recovery_code_usedAn organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.
org.recovery_codes_downloadedAn organization owner downloaded the organization's SSO recovery codes.
org.recovery_codes_generatedAn organization owner generated the organization's SSO recovery codes.
org.recovery_codes_printedAn organization owner printed the organization's SSO recovery codes.
org.recovery_codes_viewedAn organization owner viewed the organization's SSO recovery codes.
org.register_self_hosted_runnerA new self-hosted runner was registered.
org.remove_actions_secretA GitHub Actions secret was removed from an organization.
org.remove_actions_variableA GitHub Actions variable was removed from an organization.
org.remove_billing_managerA billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.
org.remove_integration_secretA Codespaces or Dependabot secret was removed from an organization.
org.remove_memberA member was removed from an organization, either manually or due to a two-factor authentication requirement.
org.remove_outside_collaboratorAn outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.
org.remove_self_hosted_runnerA self-hosted runner was removed.
org.renameAn organization was renamed.
org.required_workflow_createTriggered when a required workflow is created.
org.required_workflow_deleteTriggered when a required workflow is deleted.
org.required_workflow_updateTriggered when a required workflow is updated.
org.restore_memberAn organization member was restored.
org.runner_group_createdA self-hosted runner group was created.
org.runner_group_removedA self-hosted runner group was removed.
org.runner_group_renamedA self-hosted runner group was renamed.
org.runner_group_runner_removedThe REST API was used to remove a self-hosted runner from a group.
org.runner_group_runners_addedA self-hosted runner was added to a group.
org.runner_group_runners_updatedA runner group's list of members was updated.
org.runner_group_updatedThe configuration of a self-hosted runner group was changed.
org.runner_group_visiblity_updatedThe visibility of a self-hosted runner group was updated via the REST API.
org.secret_scanning_custom_pattern_push_protection_disabledPush protection for a custom pattern for secret scanning was disabled for an organization.
org.secret_scanning_custom_pattern_push_protection_enabledPush protection for a custom pattern for secret scanning was enabled for an organization.
org.secret_scanning_push_protection_custom_message_disabledThe custom message triggered by an attempted push to a push-protected repository was disabled for an organization.
org.secret_scanning_push_protection_custom_message_enabledThe custom message triggered by an attempted push to a push-protected repository was enabled for an organization.
org.secret_scanning_push_protection_custom_message_updatedThe custom message triggered by an attempted push to a push-protected repository was updated for an organization.
org.secret_scanning_push_protection_disablePush protection for secret scanning was disabled.
org.secret_scanning_push_protection_enablePush protection for secret scanning was enabled.
org.secret_scanning_push_protection_new_repos_disablePush protection for secret scanning was disabled for all new repositories in the organization.
org.secret_scanning_push_protection_new_repos_enablePush protection for secret scanning was enabled for all new repositories in the organization.
org.self_hosted_runner_offlineThe runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
org.self_hosted_runner_onlineThe runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
org.self_hosted_runner_updatedThe runner application was updated. This event is not included in the JSON/CSV export.
org.set_actions_fork_pr_approvals_policyThe setting for requiring approvals for workflows from public forks was changed for an organization.
org.set_actions_private_fork_pr_approvals_policyThe policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
org.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs in an organization was changed.
org.set_default_workflow_permissionsThe default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
org.set_fork_pr_workflows_policyThe policy for workflows on private repository forks was changed.
org.set_workflow_permission_can_approve_prThe policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
org.sso_responseA SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
org.transferAn organization was transferred between enterprise accounts.
org.transfer_outgoingAn organization was transferred between enterprise accounts.
org.unblock_userA user was unblocked from an organization.
org.update_actions_secretA GitHub Actions secret was updated for an organization.
org.update_actions_settingsAn organization owner or site administrator updated GitHub Actions policy settings for an organization.
org.update_actions_variableA GitHub Actions variable was updated for an organization.
org.update_default_repository_permissionThe default repository permission level for organization members was changed.
org.update_integration_secretA Codespaces or Dependabot secret was updated for an organization.
org.update_memberA person's role was changed from owner to member or member to owner.
org.update_member_repository_creation_permissionThe create repository permission for organization members was changed.
org.update_member_repository_invitation_permissionAn organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
org.update_new_repository_default_branch_settingThe name of the default branch was changed for new repositories in the organization.
org.update_saml_provider_settingsAn organization's SAML provider settings were updated.
org.update_terms_of_serviceAn organization changed between the Standard Terms of Service and the GitHub Customer Agreement.

org_credential_authorization

ActionDescription
org_credential_authorization.deauthorizeA member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.
org_credential_authorization.grantA member authorized credentials for use with SAML or OIDC single sign-on.
org_credential_authorization.revokeAn owner revoked authorized credentials.

org_secret_scanning_automatic_validity_checks

ActionDescription
org_secret_scanning_automatic_validity_checks.disabledAutomatic partner validation checks have been disabled at the organization level
org_secret_scanning_automatic_validity_checks.enabledAutomatic partner validation checks have been enabled at the organization level

org_secret_scanning_custom_pattern

ActionDescription
org_secret_scanning_custom_pattern.createA custom pattern was created for secret scanning in an organization.
org_secret_scanning_custom_pattern.deleteA custom pattern was removed from secret scanning in an organization.
org_secret_scanning_custom_pattern.publishA custom pattern was published for secret scanning in an organization.
org_secret_scanning_custom_pattern.updateChanges to a custom pattern were saved and a dry run was executed for secret scanning in an organization.

org_secret_scanning_generic_secrets

ActionDescription
org_secret_scanning_generic_secrets.disabledGeneric secrets have been disabled at the organization level
org_secret_scanning_generic_secrets.enabledGeneric secrets have been enabled at the organization level

org_secret_scanning_non_provider_patterns

ActionDescription
org_secret_scanning_non_provider_patterns.disabledSecret scanning for non-provider patterns was disabled at the organization level.
org_secret_scanning_non_provider_patterns.enabledSecret scanning for non-provider patterns was enabled at the organization level.

org_secret_scanning_push_protection_bypass_list

ActionDescription
org_secret_scanning_push_protection_bypass_list.addA role or team was added to the push protection bypass list at the organization level.
org_secret_scanning_push_protection_bypass_list.disablePush protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the organization level.
org_secret_scanning_push_protection_bypass_list.enablePush protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the organization level.
org_secret_scanning_push_protection_bypass_list.removeA role or team was removed from the push protection bypass list at the organization level.

organization_default_label

ActionDescription
organization_default_label.createA default label was created for repositories in an organization.
organization_default_label.destroyA default label was deleted for repositories in an organization.
organization_default_label.updateA default label was edited for repositories in an organization.

organization_domain

ActionDescription
organization_domain.approveA domain was approved for an organization.
organization_domain.createA domain was added to an organization.
organization_domain.destroyA domain was removed from an organization.
organization_domain.verifyA domain was verified for an organization.

organization_projects_change

ActionDescription
organization_projects_change.clearAn enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.
organization_projects_change.disableOrganization projects were disabled for all organizations in an enterprise.
organization_projects_change.enableOrganization projects were enabled for all organizations in an enterprise.

organization_role

ActionDescription
organization_role.assignAn organization role was assigned to a user or team.
organization_role.createA custom organization role was created in an organization.
organization_role.destroyA custom organization role was deleted in an organization.
organization_role.revokeA user or team was unassigned an organization role.
organization_role.updateA custom organization role was edited in an organization.

organization_wide_project_base_role

ActionDescription
organization_wide_project_base_role.updateAn organization's default project base role was updated.

packages

ActionDescription
packages.package_deletedAn entire package was deleted.
packages.package_publishedA package was published or republished to an organization.
packages.package_version_deletedA specific package version was deleted.
packages.package_version_publishedA specific package version was published or republished to a package.

pages_protected_domain

ActionDescription
pages_protected_domain.createA GitHub Pages verified domain was created for an organization or enterprise.
pages_protected_domain.deleteA GitHub Pages verified domain was deleted from an organization or enterprise.
pages_protected_domain.verifyA GitHub Pages domain was verified for an organization or enterprise.

payment_method

ActionDescription
payment_method.createA new payment method was added, such as a new credit card or PayPal account.
payment_method.removeA payment method was removed.
payment_method.updateAn existing payment method was updated.

personal_access_token

ActionDescription
personal_access_token.access_grantedA fine-grained personal access token was granted access to resources.
personal_access_token.access_revokedA fine-grained personal access token was revoked. The token can still read public organization resources.
personal_access_token.request_cancelledA pending request for a fine-grained personal access token to access organization resources was canceled.
personal_access_token.request_createdTriggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
personal_access_token.request_deniedA request for a fine-grained personal access token to access organization resources was denied.

prebuild_configuration

ActionDescription
prebuild_configuration.createA GitHub Codespaces prebuild configuration for a repository was created.
prebuild_configuration.destroyA GitHub Codespaces prebuild configuration for a repository was deleted.
prebuild_configuration.run_triggeredA user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.
prebuild_configuration.updateA GitHub Codespaces prebuild configuration for a repository was edited.

private_repository_forking

ActionDescription
private_repository_forking.clearAn enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.
private_repository_forking.disableAn enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.
private_repository_forking.enableAn enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.

profile_picture

ActionDescription
profile_picture.updateA profile picture was updated.

project

ActionDescription
project.accessA project board visibility was changed.
project.closeA project board was closed.
project.createA project board was created.
project.deleteA project board was deleted.
project.linkA repository was linked to a project board.
project.openA project board was reopened.
project.renameA project board was renamed.
project.unlinkA repository was unlinked from a project board.
project.update_org_permissionThe project's base-level permission for all organization members was changed or removed.
project.update_team_permissionA team's project board permission level was changed or when a team was added or removed from a project board.
project.update_user_permissionA user was added to or removed from a project board or had their permission level changed.
project.visibility_privateA project's visibility was changed from public to private.
project.visibility_publicA project's visibility was changed from private to public.

project_base_role

ActionDescription
project_base_role.updateA project's base role was updated.

project_collaborator

ActionDescription
project_collaborator.addA collaborator was added to a project.
project_collaborator.removeA collaborator was removed from a project.
project_collaborator.updateA project collaborator's permission level was changed.

project_field

ActionDescription
project_field.createA field was created in a project board.
project_field.deleteA field was deleted in a project board.

project_view

ActionDescription
project_view.createA view was created in a project board.
project_view.deleteA view was deleted in a project board.

protected_branch

ActionDescription
protected_branch.authorized_users_teamsThe users, teams, or integrations allowed to bypass a branch protection were changed.
protected_branch.branch_allowancesA protected branch allowance was given to a specific user, team or integration.
protected_branch.createBranch protection was enabled on a branch.
protected_branch.destroyBranch protection was disabled on a branch.
protected_branch.dismiss_stale_reviewsEnforcement of dismissing stale pull requests was updated on a branch.
protected_branch.dismissal_restricted_users_teamsEnforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.
protected_branch.policy_overrideA branch protection requirement was overridden by a repository administrator.
protected_branch.rejected_ref_updateA branch update attempt was rejected.
protected_branch.update_admin_enforcedBranch protection was enforced for repository administrators.
protected_branch.update_allow_force_pushes_enforcement_levelForce pushes were enabled or disabled for a branch.
protected_branch.update_ignore_approvals_from_contributorsIgnoring of approvals from contributors to a pull request was enabled or disabled for a branch.
protected_branch.update_lock_allows_fetch_and_mergeFork syncing was enabled or disabled for a read-only branch
protected_branch.update_lock_branch_enforcement_levelThe enforcement of a branch lock was updated.
protected_branch.update_merge_queue_enforcement_levelEnforcement of the merge queue was modified for a branch.
protected_branch.update_nameA branch name pattern was updated for a branch.
protected_branch.update_pull_request_reviews_enforcement_levelEnforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).
protected_branch.update_require_code_owner_reviewEnforcement of required code owner review was updated for a branch.
protected_branch.update_require_last_push_approvalSomeone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.
protected_branch.update_required_approving_review_countEnforcement of the required number of approvals before merging was updated on a branch.
protected_branch.update_required_status_checks_enforcement_levelEnforcement of required status checks was updated for a branch.
protected_branch.update_signature_requirement_enforcement_levelEnforcement of required commit signing was updated for a branch.
protected_branch.update_strict_required_status_checks_policyEnforcement of required status checks was updated for a branch.

public_key

ActionDescription
public_key.createAn SSH key was added to a user account or a deploy key was added to a repository.
public_key.deleteAn SSH key was removed from a user account or a deploy key was removed from a repository.
public_key.unverification_failureA user account's SSH key or a repository's deploy key was unable to be unverified.
public_key.unverifyA user account's SSH key or a repository's deploy key was unverified.
public_key.updateA user account's SSH key or a repository's deploy key was updated.
public_key.verification_failureA user account's SSH key or a repository's deploy key was unable to be verified.
public_key.verifyA user account's SSH key or a repository's deploy key was verified.

pull_request

ActionDescription
pull_request.closeA pull request was closed without being merged.
pull_request.converted_to_draftA pull request was converted to a draft.
pull_request.createA pull request was created.
pull_request.create_review_requestA review was requested on a pull request.
pull_request.in_progressA pull request was marked as in progress.
pull_request.indirect_mergeA pull request was considered merged because the pull request's commits were merged into the target branch.
pull_request.mergeA pull request was merged.
pull_request.ready_for_reviewA pull request was marked as ready for review.
pull_request.remove_review_requestA review request was removed from a pull request.
pull_request.reopenA pull request was reopened after previously being closed.

pull_request_review_comment

ActionDescription
pull_request_review_comment.createA review comment was added to a pull request.
pull_request_review_comment.deleteA review comment on a pull request was deleted.
pull_request_review_comment.updateA review comment on a pull request was changed.

pull_request_review

ActionDescription
pull_request_review.deleteA review on a pull request was deleted.
pull_request_review.dismissA review on a pull request was dismissed.
pull_request_review.submitA review on a pull request was submitted.

repo

ActionDescription
repo.accessThe visibility of a repository changed.
repo.actions_enabledGitHub Actions was enabled for a repository.
repo.add_memberA collaborator was added to a repository.
repo.add_topicA topic was added to a repository.
repo.advanced_security_disabledGitHub Advanced Security was disabled for a repository.
repo.advanced_security_enabledGitHub Advanced Security was enabled for a repository.
repo.archivedA repository was archived.
repo.change_merge_settingPull request merge options were changed for a repository.
repo.code_scanning_analysis_deletedCode scanning analysis for a repository was deleted.
repo.code_scanning_autofix_disabledAutofix for code scanning alerts was disabled for a repository.
repo.code_scanning_autofix_enabledAutofix for code scanning alerts was enabled for a repository.
repo.code_scanning_autofix_third_party_tools_disabledAutofix for third party tools for code scanning alerts was disabled for a repository.
repo.code_scanning_autofix_third_party_tools_enabledAutofix for third party tools for code scanning alerts was enabled for a repository.
repo.code_scanning_configuration_for_branch_deletedA code scanning configuration for a branch of a repository was deleted.
repo.codeql_disabledCode scanning using the default setup was disabled for a repository.
repo.codeql_enabledCode scanning using the default setup was enabled for a repository.
repo.codeql_updatedCode scanning using the default setup was updated for a repository.
repo.codespaces_trusted_repo_access_grantedGitHub Codespaces was granted trusted repository access to this repository.
repo.codespaces_trusted_repo_access_revokedGitHub Codespaces trusted repository access to this repository was revoked.
repo.config.disable_collaborators_onlyThe interaction limit for collaborators only was disabled.
repo.config.disable_contributors_onlyThe interaction limit for prior contributors only was disabled in a repository.
repo.config.disable_sockpuppet_disallowedThe interaction limit for existing users only was disabled in a repository.
repo.config.enable_collaborators_onlyThe interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
repo.config.enable_contributors_onlyThe interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
repo.config.enable_sockpuppet_disallowedThe interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
repo.createA repository was created.
repo.create_actions_secretA GitHub Actions secret was created for a repository.
repo.create_actions_variableA GitHub Actions variable was created for a repository.
repo.create_integration_secretA Codespaces or Dependabot secret was created for a repository.
repo.destroyA repository was deleted.
repo.download_zipA source code archive of a repository was downloaded as a ZIP file.
repo.pages_cnameA GitHub Pages custom domain was modified in a repository.
repo.pages_createA GitHub Pages site was created.
repo.pages_destroyA GitHub Pages site was deleted.
repo.pages_https_redirect_disabledHTTPS redirects were disabled for a GitHub Pages site.
repo.pages_https_redirect_enabledHTTPS redirects were enabled for a GitHub Pages site.
repo.pages_privateA GitHub Pages site visibility was changed to private.
repo.pages_publicA GitHub Pages site visibility was changed to public.
repo.pages_soft_deleteA GitHub Pages site was soft-deleted because its owner's plan changed.
repo.pages_soft_delete_restoreA GitHub Pages site that was previously soft-deleted was restored.
repo.pages_sourceA GitHub Pages source was modified.
repo.register_self_hosted_runnerA new self-hosted runner was registered.
repo.remove_actions_secretA GitHub Actions secret was deleted for a repository.
repo.remove_actions_variableA GitHub Actions variable was deleted for a repository.
repo.remove_integration_secretA Codespaces or Dependabot secret was deleted for a repository.
repo.remove_memberA collaborator was removed from a repository.
repo.remove_self_hosted_runnerA self-hosted runner was removed.
repo.remove_topicA topic was removed from a repository.
repo.renameA repository was renamed.
repo.self_hosted_runner_offlineThe runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
repo.self_hosted_runner_onlineThe runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
repo.self_hosted_runner_updatedThe runner application was updated. This event is not included in the JSON/CSV export.
repo.set_actions_fork_pr_approvals_policyThe setting for requiring approvals for workflows from public forks was changed for a repository.
repo.set_actions_private_fork_pr_approvals_policyThe policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
repo.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs in a repository was changed.
repo.set_default_workflow_permissionsThe default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
repo.set_fork_pr_workflows_policyTriggered when the policy for workflows on private repository forks is changed.
repo.set_workflow_permission_can_approve_prThe policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
repo.staff_unlockAn enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
repo.temporary_access_grantedTemporary access was enabled for a repository.
repo.transferA user accepted a request to receive a transferred repository.
repo.transfer_outgoingA repository was transferred to another repository network.
repo.transfer_startA user sent a request to transfer a repository to another user or organization.
repo.unarchivedA repository was unarchived.
repo.update_actions_access_settingsThe setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
repo.update_actions_secretA GitHub Actions secret was updated for a repository.
repo.update_actions_settingsA repository administrator changed GitHub Actions policy settings for a repository.
repo.update_actions_variableA GitHub Actions variable was updated for a repository.
repo.update_default_branchThe default branch for a repository was changed.
repo.update_integration_secretA Codespaces or Dependabot secret was updated for a repository.
repo.update_memberA user's permission to a repository was changed.

repository_advisory

ActionDescription
repository_advisory.closeSomeone closed a security advisory.
repository_advisory.cve_requestSomeone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.
repository_advisory.github_broadcastGitHub made a security advisory public in the GitHub Advisory Database.
repository_advisory.github_withdrawGitHub withdrew a security advisory that was published in error.
repository_advisory.openSomeone opened a draft security advisory.
repository_advisory.publishSomeone published a security advisory.
repository_advisory.reopenSomeone reopened as draft security advisory.
repository_advisory.updateSomeone edited a draft or published security advisory.

repository_branch_protection_evaluation

ActionDescription
repository_branch_protection_evaluation.disableBranch protections were disabled for the repository.
repository_branch_protection_evaluation.enableBranch protections were enabled for this repository.

repository_content_analysis

ActionDescription
repository_content_analysis.disableData use settings were disabled for a private repository.
repository_content_analysis.enableData use settings were enabled for a private repository.

repository_dependency_graph

ActionDescription
repository_dependency_graph.disableThe dependency graph was disabled for a private repository.
repository_dependency_graph.enableThe dependency graph was enabled for a private repository.

repository_image

ActionDescription
repository_image.createAn image to represent a repository was uploaded.
repository_image.destroyAn image to represent a repository was deleted.

repository_invitation

ActionDescription
repository_invitation.acceptAn invitation to join a repository was accepted.
repository_invitation.cancelAn invitation to join a repository was canceled.
repository_invitation.createAn invitation to join a repository was sent.
repository_invitation.rejectAn invitation to join a repository was declined.

repository_projects_change

ActionDescription
repository_projects_change.clearThe repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.
repository_projects_change.disableRepository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.
repository_projects_change.enableRepository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise.

repository_ruleset

ActionDescription
repository_ruleset.createA repository ruleset was created.
repository_ruleset.destroyA repository ruleset was deleted.
repository_ruleset.updateA repository ruleset was edited.

repository_secret_scanning_automatic_validity_checks

ActionDescription
repository_secret_scanning_automatic_validity_checks.disabledAutomatic partner validation checks have been disabled at the repository level
repository_secret_scanning_automatic_validity_checks.enabledAutomatic partner validation checks have been enabled at the repository level

repository_secret_scanning_custom_pattern

ActionDescription
repository_secret_scanning_custom_pattern.createA custom pattern was created for secret scanning in a repository.
repository_secret_scanning_custom_pattern.deleteA custom pattern was removed from secret scanning in a repository.
repository_secret_scanning_custom_pattern.publishA custom pattern was published for secret scanning in a repository.
repository_secret_scanning_custom_pattern.updateChanges to a custom pattern were saved and a dry run was executed for secret scanning in a repository.

repository_secret_scanning_custom_pattern_push_protection

ActionDescription
repository_secret_scanning_custom_pattern_push_protection.disabledPush protection for a custom pattern for secret scanning was disabled for your repository.
repository_secret_scanning_custom_pattern_push_protection.enabledPush protection for a custom pattern for secret scanning was enabled for your repository.

repository_secret_scanning

ActionDescription
repository_secret_scanning.disableSecret scanning was disabled for a repository.
repository_secret_scanning.enableSecret scanning was enabled for a repository.

repository_secret_scanning_generic_secrets

ActionDescription
repository_secret_scanning_generic_secrets.disabledGeneric secrets have been disabled at the repository level
repository_secret_scanning_generic_secrets.enabledGeneric secrets have been enabled at the repository level

repository_secret_scanning_non_provider_patterns

ActionDescription
repository_secret_scanning_non_provider_patterns.disabledSecret scanning for non-provider patterns was disabled at the repository level.
repository_secret_scanning_non_provider_patterns.enabledSecret scanning for non-provider patterns was enabled at the repository level.

repository_secret_scanning_push_protection_bypass_list

ActionDescription
repository_secret_scanning_push_protection_bypass_list.addA role or team was added to the push protection bypass list at the repository level.
repository_secret_scanning_push_protection_bypass_list.disablePush protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the repository level.
repository_secret_scanning_push_protection_bypass_list.enablePush protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the repository level.
repository_secret_scanning_push_protection_bypass_list.removeA role or team was removed from the push protection bypass list at the repository level.

repository_secret_scanning_push_protection

ActionDescription
repository_secret_scanning_push_protection.disableSecret scanning push protection was disabled for a repository.
repository_secret_scanning_push_protection.enableSecret scanning push protection was enabled for a repository.

repository_security_configuration

ActionDescription
repository_security_configuration.appliedA code security configuration was applied to a repository.
repository_security_configuration.failedA code security configuration failed to attach to the repository.
repository_security_configuration.removedA code security configuration was removed from a repository.
repository_security_configuration.removed_by_settings_changeA code security configuration was removed due to a change in repository or enterprise settings.

repository_visibility_change

ActionDescription
repository_visibility_change.clearThe repository visibility change setting was cleared for an organization or enterprise.
repository_visibility_change.disableThe ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.
repository_visibility_change.enableThe ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.

repository_vulnerability_alert

ActionDescription
repository_vulnerability_alert.auto_dismissA Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.
repository_vulnerability_alert.auto_reopenA previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.
repository_vulnerability_alert.createGitHub created a Dependabot alert because the repository uses a vulnerable dependency.
repository_vulnerability_alert.dismissA Dependabot alert was manually dismissed.
repository_vulnerability_alert.reintroduceA Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.
repository_vulnerability_alert.reopenA Dependabot alert was manually reopened.
repository_vulnerability_alert.resolveChanges were pushed to update and resolve a Dependabot alert in a project dependency.

repository_vulnerability_alerts

ActionDescription
repository_vulnerability_alerts.authorized_users_teamsThe list of people or teams authorized to receive Dependabot alerts for the repository was updated.
repository_vulnerability_alerts.disableDependabot alerts was disabled.
repository_vulnerability_alerts.enableDependabot alerts was enabled.

repository_vulnerability_alerts_auto_dismissal

ActionDescription
repository_vulnerability_alerts_auto_dismissal.disableAutomatic dismissal of low-impact Dependabot alerts was disabled for the repository.
repository_vulnerability_alerts_auto_dismissal.enableAutomatic dismissal of low-impact Dependabot alerts was enabled for the repository.

required_status_check

ActionDescription
required_status_check.createA status check was marked as required for a protected branch.
required_status_check.destroyA status check was no longer marked as required for a protected branch.

restrict_notification_delivery

ActionDescription
restrict_notification_delivery.disableEmail notification restrictions for an organization or enterprise were disabled.
restrict_notification_delivery.enableEmail notification restrictions for an organization or enterprise were enabled.

role

ActionDescription
role.createA new custom repository role was created.
role.destroyA custom repository role was deleted.
role.updateA custom repository role was edited.

secret_scanning_alert

ActionDescription
secret_scanning_alert.createGitHub detected a secret and created a secret scanning alert.
secret_scanning_alert.public_leakA secret scanning alert was leaked in a public repo.
secret_scanning_alert.reopenA secret scanning alert was reopened.
secret_scanning_alert.reportA leaked secret was reported to the secret's provider by secret scanning.
secret_scanning_alert.resolveA secret scanning alert was resolved.
secret_scanning_alert.revokeA secret scanning alert was revoked.
secret_scanning_alert.validateA secret scanning alert was validated.

secret_scanning

ActionDescription
secret_scanning.disableSecret scanning was disabled for all existing repositories.
secret_scanning.enableSecret scanning was enabled for all existing repositories.

secret_scanning_new_repos

ActionDescription
secret_scanning_new_repos.disableSecret scanning was disabled for all new repositories.
secret_scanning_new_repos.enableSecret scanning was enabled for all new repositories.

secret_scanning_push_protection

ActionDescription
secret_scanning_push_protection.bypassTriggered when a user bypasses the push protection on a secret detected by secret scanning.

secret_scanning_push_protection_request

ActionDescription
secret_scanning_push_protection_request.approveA request to bypass secret scanning push protection was approved by a user.
secret_scanning_push_protection_request.denyA request to bypass secret scanning push protection was denied by a user.
secret_scanning_push_protection_request.requestA user requested to bypass secret scanning push protection.

security_configuration

ActionDescription
security_configuration.createA security configuration was created
security_configuration.deleteA security configuration was deleted
security_configuration.updateA security configuration was updated

security_configuration_default

ActionDescription
security_configuration_default.deleteA default security configuration setting for new repositories was removed.
security_configuration_default.updateA default security configuration setting for new repositories was updated.

security_configuration_policy

ActionDescription
security_configuration_policy.updateA security configuration policy was updated

sponsors

ActionDescription
sponsors.agreement_signA GitHub Sponsors agreement was signed on behalf of an organization.
sponsors.custom_amount_settings_changeCustom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.
sponsors.fiscal_host_changeThe fiscal host for a GitHub Sponsors listing was updated.
sponsors.repo_funding_links_file_actionThe FUNDING file in a repository was changed.
sponsors.sponsor_sponsorship_cancelA sponsorship was canceled.
sponsors.sponsor_sponsorship_createA sponsorship was created, by sponsoring an account.
sponsors.sponsor_sponsorship_payment_completeAfter you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.
sponsors.sponsor_sponsorship_preference_changeThe option to receive email updates from a sponsored account was changed.
sponsors.sponsor_sponsorship_tier_changeA sponsorship was upgraded or downgraded.
sponsors.sponsored_developer_approveA GitHub Sponsors account was approved.
sponsors.sponsored_developer_createA GitHub Sponsors account was created.
sponsors.sponsored_developer_disableA GitHub Sponsors account was disabled.
sponsors.sponsored_developer_profile_updateThe profile for GitHub Sponsors account was edited.
sponsors.sponsored_developer_redraftA GitHub Sponsors account was returned to draft state from approved state.
sponsors.sponsored_developer_request_approvalAn application for GitHub Sponsors was submitted for approval.
sponsors.sponsored_developer_tier_description_updateThe description for a sponsorship tier was changed.
sponsors.sponsors_patreon_user_createA Patreon account was linked to a user account for use with GitHub Sponsors.
sponsors.sponsors_patreon_user_destroyA Patreon account for use with GitHub Sponsors was unlinked from a user account.
sponsors.update_tier_repositoryA GitHub Sponsors tier changed access for a repository.
sponsors.update_tier_welcome_messageThe welcome message for a GitHub Sponsors tier for an organization was updated.
sponsors.withdraw_agreement_signatureA signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.

ssh_certificate_authority

ActionDescription
ssh_certificate_authority.createAn SSH certificate authority for an organization or enterprise was created.
ssh_certificate_authority.destroyAn SSH certificate authority for an organization or enterprise was deleted.

ssh_certificate_requirement

ActionDescription
ssh_certificate_requirement.disableThe requirement for members to use SSH certificates to access an organization resources was disabled.
ssh_certificate_requirement.enableThe requirement for members to use SSH certificates to access an organization resources was enabled.

sso_redirect

ActionDescription
sso_redirect.disableAutomatic redirects for users to single sign-on (SSO) was disabled.
sso_redirect.enableAutomatic redirects for users to single sign-on (SSO) was enabled.

staff

ActionDescription
staff.set_domain_token_expirationThe verification code expiry time for an organization or enterprise domain was set.
staff.unverify_domainAn organization or enterprise domain was unverified.
staff.verify_domainAn organization or enterprise domain was verified.

team

ActionDescription
team.add_memberA member of an organization was added to a team.
team.add_repositoryA team was given access and permissions to a repository.
team.change_parent_teamA child team was created or a child team's parent was changed.
team.change_privacyA team's privacy level was changed.
team.createA new team is created.
team.demote_maintainerA user was demoted from a team maintainer to a team member.
team.destroyA team was deleted.
team.promote_maintainerA user was promoted from a team member to a team maintainer.
team.remove_memberAn organization member was removed from a team.
team.remove_repositoryA repository was removed from a team's control.
team.renameA team's name was changed.
team.update_repository_permissionA team's permission to a repository was changed.

team_discussions

ActionDescription
team_discussions.clearAn organization owner cleared the setting to allow team discussions for an organization or enterprise.
team_discussions.disableTeam discussions were disabled for an organization.
team_discussions.enableTeam discussions were enabled for an organization.

team_sync_tenant

ActionDescription
team_sync_tenant.disabledTeam synchronization with a tenant was disabled.
team_sync_tenant.enabledTeam synchronization with a tenant was enabled.
team_sync_tenant.update_okta_credentialsThe Okta credentials for team synchronization with a tenant were changed.

user_email

ActionDescription
user_email.confirm_claimAn enterprise managed user claimed an email address.

user_license

ActionDescription
user_license.createA seat license for a user in an enterprise was created.
user_license.destroyA seat license for a user in an enterprise was deleted.
user_license.updateA seat license type for a user in an enterprise was changed.

vulnerability_alert_rule

ActionDescription
vulnerability_alert_rule.createA Dependabot rule was created.
vulnerability_alert_rule.deleteA Dependabot rule was deleted.
vulnerability_alert_rule.disableA Dependabot rule was disabled for a single repository or disabled by default for an organization.
vulnerability_alert_rule.enableA Dependabot rule was enabled for a single repository or enabled by default for an organization.
vulnerability_alert_rule.force_disableA Dependabot rule was enabled for an organization and cannot be disabled for its repositories.
vulnerability_alert_rule.force_enableA Dependabot rule was disabled for an organization and cannot be enabled for its repositories.
vulnerability_alert_rule.updateA Dependabot rule's conditions, actions, or metadata changed.

workflows

ActionDescription
workflows.approve_workflow_jobA workflow job was approved.
workflows.cancel_workflow_runA workflow run was cancelled.
workflows.completed_workflow_runA workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
workflows.created_workflow_runA workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
workflows.delete_workflow_runA workflow run was deleted.
workflows.disable_workflowA workflow was disabled.
workflows.enable_workflowA workflow was enabled, after previously being disabled by disable_workflow.
workflows.pin_workflowA workflow was pinned.
workflows.prepared_workflow_jobA workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
workflows.reject_workflow_jobA workflow job was rejected.
workflows.rerun_workflow_runA workflow run was re-run.
workflows.unpin_workflowA workflow was unpinned after previously being pinned.