The security log lists all actions performed within the last 90 days.
In the upper-right corner of any page, click your profile photo, then click Settings.
In the user settings sidebar, click Security log.
The log lists the following information about each action:
- Which repository an action was performed in
- The user that performed the action
- The action that was performed
- Which country the action took place in
- The date and time the action occurred
Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as
<, match the same format as searching across GitHub. For more information, see "Searching on GitHub."
operation qualifier to limit actions to specific types of operations. For example:
operation:access finds all events where a resource was accessed.
operation:authentication finds all events where an authentication event was performed.
operation:create finds all events where a resource was created.
operation:modify finds all events where an existing resource was modified.
operation:remove finds all events where an existing resource was removed.
operation:restore finds all events where an existing resource was restored.
operation:transfer finds all events where an existing resource was transferred.
repo qualifier to limit actions to a specific repository. For example:
repo:my-org/our-repo finds all events that occurred for the
our-repo repository in the
repo:my-org/our-repo repo:my-org/another-repo finds all events that occurred for both the
another-repo repositories in the
-repo:my-org/not-this-repo excludes all events that occurred for the
not-this-repo repository in the
Note that you must include the account name within the
repo qualifier; searching for just
repo:our-repo will not work.
actor qualifier can scope events based on who performed the action. For example:
actor:octocat finds all events performed by
actor:octocat actor:hubot finds all events performed by both
-actor:hubot excludes all events performed by
Note that you can only use a GitHub username, not an individual's real name.
The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:
You can export the log as JSON data or a comma-separated value (CSV) file.
To filter the results in your export, search by one or more of these supported qualifiers before using the Export drop-down menu.
After you export the log as JSON or CSV, you'll see the following keys and values in the resulting file.
|1429548104000 (Timestamp shows the time since Epoch with milliseconds.)|
|["issues", "issue_comment", "pull_request", "pull_request_review_comment"]|
|["push", "pull_request", "issues"]|
An overview of some of the most common actions that are recorded as events in the security log.
|Triggered when you sign the GitHub Marketplace Developer Agreement.|
|Triggered when your listing is approved for inclusion in GitHub Marketplace.|
|Triggered when you create a listing for your app in GitHub Marketplace.|
|Triggered when your listing is removed from GitHub Marketplace.|
|Triggered when your listing is sent back to draft state.|
|Triggered when your listing is not accepted for inclusion in GitHub Marketplace.|
|Triggered when a payment method on file is removed.|
|Triggered when a new payment method is added, such as a new credit card or PayPal account.|
|Triggered when an existing payment method is updated.|
|Triggered when a project board's visibility is changed.|
|Triggered when a project board is created.|
|Triggered when a project board is renamed.|
|Triggered when a project board is updated.|
|Triggered when a project board is deleted.|
|Triggered when a repository is linked to a project board.|
|Triggered when a repository is unlinked from a project board.|
|Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed.|
|Triggered when two-factor authentication is enabled.|
|Triggered when two-factor authentication is disabled.|
|Triggered when you add a new email address.|
|Triggered when you [allow the codespaces you create for a repository to access other repositories owned by your user account](/github/developing-online-with-codespaces/managing-access-and-security-for-codespaces.|
|Triggered when you [disallow the codespaces you create for a repository to access other repositories owned by your user account](/github/developing-online-with-codespaces/managing-access-and-security-for-codespaces.|
|Triggered when you create a new user account.|
|Triggered when you change your password.|
|Triggered when you ask for a password reset.|
|Triggered when you hide private contributions on your profile.|
|Triggered when you log in to GitHub.|
|Triggered when you failed to log in successfully.|
|Triggered when you remove an email address.|
|Triggered when you rename your account.|
|Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.|
|Triggered when you publicize private contributions on your profile.|
|Triggered when GitHub asks you for your two-factor authentication code.|
|Triggered when you set or change the status on your profile. For more information, see "Setting a status."|
|Triggered when you clear the status on your profile.|