Use the security log to review actions your account has performed on GitHub Enterprise.
Accessing your security log
The security log lists the last 50 actions or those performed within the last 90 days.
- In the top right corner of any page, click .
In the user settings sidebar, click Security.
Under "Security history," your log is displayed.
- Click on an entry to see more information about the event.
Understanding events in the security log
Actions listed in the audit log are grouped within the following categories:
| Category Name | Description |
|---|
| oauth_access | Contains all activities related to OAuth applications you've connected with.
| public_key | Contains all activities related to your public SSH keys.
| repo | Contains all activities related to the repositories you own.
| two_factor_authentication | Contains all activities related to two-factor authentication.
| user | Contains all activities related to your account.
A description of the events within these categories is listed below.
The oauth_access category
| Action | Description |
|---|---|
| create | Triggered when you grant OAuth access to a third-party application. |
| destroy | Triggered when you revoke OAuth access to a third-party application. |
The public_key category
| Action | Description |
|---|---|
| create | Triggered when you add a new public SSH key to your GitHub Enterprise account. |
| delete | Triggered when you remove a public SSH key to your GitHub Enterprise account. |
The repo category
| Action | Description |
|---|---|
| access | Triggered when you a repository you own is switched from "private" to "public" (or vice versa). |
| add_member | Triggered when a GitHub Enterprise user is given collaboration access to a repository. |
| create | Triggered when a new repository is created. |
| destroy | Triggered when a repository is deleted. |
| remove_member | Triggered when a GitHub Enterprise user is removed from a repository as a collaborator. | rename | Triggered when a repository is renamed. | transfer | Triggered when a repository is transferred. | transfer_start | Triggered when a repository transfer is about to occur.
The two_factor_authentication category
| Action | Description |
|---|---|
| enabled | Triggered when two-factor authentication is enabled. |
| disabled | Triggered when two-factor authentication is disabled. |
The user category
| Action | Description |
|---|---|
| add_email | Triggered when you add a new email address. |
| create | Triggered when you create a new user account. |
| remove_email | Triggered when you remove an email address. |
| rename | Triggered when you rename your account. |
| change_password | Triggered when you change your password. |
| forgot_password | Triggered when you ask for a password reset. |
| login | Triggered when you log in to your GitHub Enterprise instance. |
| failed_login | Triggered when you failed to log in successfully. |
| two_factor_requested | Triggered when GitHub Enterprise asks you for your two-factor authentication code. |
