GitHub AE is currently under limited release. Please contact our Sales Team to find out more.

Reviewing your security log

You can review the security log for your user account to better understand actions you've performed and actions others have performed that involve you.

In this article

Accessing your security log

The security log lists all actions performed within the last 90 days.

  1. In the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar

  2. In the user settings sidebar, click Security log. Security log tab

Searching your security log

The log lists the following information about each action:

  • Which repository an action was performed in
  • The user that performed the action
  • The action that was performed
  • Which country the action took place in
  • The date and time the action occurred

Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as -, >, or <, match the same format as searching across GitHub AE. For more information, see "Searching on GitHub."

Search based on operation

Use the operation qualifier to limit actions to specific types of operations. For example:

  • operation:access finds all events where a resource was accessed.
  • operation:authentication finds all events where an authentication event was performed.
  • operation:create finds all events where a resource was created.
  • operation:modify finds all events where an existing resource was modified.
  • operation:remove finds all events where an existing resource was removed.
  • operation:restore finds all events where an existing resource was restored.
  • operation:transfer finds all events where an existing resource was transferred.

Search based on repository

Use the repo qualifier to limit actions to a specific repository. For example:

  • repo:my-org/our-repo finds all events that occurred for the our-repo repository in the my-org organization.
  • repo:my-org/our-repo repo:my-org/another-repo finds all events that occurred for both the our-repo and another-repo repositories in the my-org organization.
  • -repo:my-org/not-this-repo excludes all events that occurred for the not-this-repo repository in the my-org organization.

Note that you must include the account name within the repo qualifier; searching for just repo:our-repo will not work.

Search based on the user

The actor qualifier can scope events based on who performed the action. For example:

  • actor:octocat finds all events performed by octocat.
  • actor:octocat actor:hubot finds all events performed by both octocat and hubot.
  • -actor:hubot excludes all events performed by hubot.

Note that you can only use a GitHub AE username, not an individual's real name.

Search based on the action performed

The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:

Category nameDescription
oauth_accessContains all activities related to OAuth Apps you've connected with.
profile_pictureContains all activities related to your profile picture.
projectContains all activities related to project boards.
public_keyContains all activities related to your public SSH keys.
repoContains all activities related to the repositories you own.
teamContains all activities related to teams you are a part of.
userContains all activities related to your account.

Security log actions

An overview of some of the most common actions that are recorded as events in the security log.

oauth_access category actions

ActionDescription
createTriggered when you grant access to an OAuth App.
destroyTriggered when you revoke an OAuth App's access to your account.

profile_picture category actions

ActionDescription
updateTriggered when you set or update your profile picture.

project category actions

ActionDescription
accessTriggered when a project board's visibility is changed.
createTriggered when a project board is created.
renameTriggered when a project board is renamed.
updateTriggered when a project board is updated.
deleteTriggered when a project board is deleted.
linkTriggered when a repository is linked to a project board.
unlinkTriggered when a repository is unlinked from a project board.
update_user_permissionTriggered when an outside collaborator is added to or removed from a project board or has their permission level changed.

public_key category actions

ActionDescription
createTriggered when you add a new public SSH key to your GitHub AE account.
deleteTriggered when you remove a public SSH key to your GitHub AE account.

repo category actions

ActionDescription
accessTriggered when you a repository you own is switched from "private" to "public" (or vice versa).
add_memberTriggered when a GitHub AE user is given collaboration access to a repository.
add_topicTriggered when a repository owner adds a topic to a repository.
archivedTriggered when a repository owner archives a repository.
createTriggered when a new repository is created.
destroyTriggered when a repository is deleted.
remove_memberTriggered when a GitHub AE user is removed from a repository as a collaborator.
remove_topicTriggered when a repository owner removes a topic from a repository.
renameTriggered when a repository is renamed.
transferTriggered when a repository is transferred.
transfer_startTriggered when a repository transfer is about to occur.
unarchivedTriggered when a repository owner unarchives a repository.

team category actions

ActionDescription
add_memberTriggered when a member of an organization you belong to adds you to a team.
add_repositoryTriggered when a team you are a member of is given control of a repository.
createTriggered when a new team in an organization you belong to is created.
destroyTriggered when a team you are a member of is deleted from the organization.
remove_memberTriggered when a member of an organization is removed from a team you are a member of.
remove_repositoryTriggered when a repository is no longer under a team's control.

user category actions

ActionDescription
add_emailTriggered when you add a new email address.
createTriggered when you create a new user account.
hide_private_contributions_countTriggered when you hide private contributions on your profile.
loginTriggered when you log in to your enterprise.
mandatory_message_viewedTriggered when you view a mandatory message (see "Customizing user messages" for details)
failed_loginTriggered when you failed to log in successfully.
remove_emailTriggered when you remove an email address.
renameTriggered when you rename your account.
show_private_contributions_countTriggered when you publicize private contributions on your profile.

user_status category actions

ActionDescription
updateTriggered when you set or change the status on your profile. For more information, see "Setting a status."
destroyTriggered when you clear the status on your profile.

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.