You can review your account's security log to better understand the actions you've performed in the last 90 days.

Accessing your security log

The security log lists the last 50 actions or those performed within the last 90 days.

  1. In the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar
  2. In the user settings sidebar, click Security. Security settings sidebar

  3. Under "Security history," your log is displayed. Security log

  4. Click on an entry to see more information about the event. Security log

Understanding events in the security log

Actions listed in the audit log are grouped within the following categories:

Category Name Description
oauth_access Contains all activities related to OAuth applications you've connected with.
public_key Contains all activities related to your public SSH keys.
repo Contains all activities related to the repositories you own.
team Contains all activities related to teams you are a part of.
two_factor_authentication Contains all activities related to two-factor authentication.
user Contains all activities related to your account.

A description of the events within these categories is listed below.

The oauth_access category

Action Description
create Triggered when you grant OAuth access to a third-party application.
destroy Triggered when you revoke OAuth access to a third-party application.

The public_key category

Action Description
create Triggered when you add a new public SSH key to your GitHub Enterprise account.
delete Triggered when you remove a public SSH key to your GitHub Enterprise account.

The repo category

Action Description
access Triggered when you a repository you own is switched from "private" to "public" (or vice versa).
add_member Triggered when a GitHub Enterprise user is given collaboration access to a repository.
create Triggered when a new repository is created.
destroy Triggered when a repository is deleted.
remove_member Triggered when a GitHub Enterprise user is removed from a repository as a collaborator.
rename Triggered when a repository is renamed.
transfer Triggered when a repository is transferred.
transfer_start Triggered when a repository transfer is about to occur.

The team category

Action Description
add_member Triggered when a member of an organization you belong to adds you to a team.
add_repository Triggered when a team you are a member of is given control of a repository.
create Triggered when a new team in an organization you belong to is created.
destroy Triggered when a team you are a member of is deleted from the organization.
remove_member Triggered when a member of an organization is removed from a team you are a member of.
remove_repository Triggered when a repository is no longer under a team's control.

The two_factor_authentication category

Action Description
enabled Triggered when two-factor authentication is enabled.
disabled Triggered when two-factor authentication is disabled.

The user category

Action Description
add_email Triggered when you add a new email address.
create Triggered when you create a new user account.
remove_email Triggered when you remove an email address.
rename Triggered when you rename your account.
change_password Triggered when you change your password.
forgot_password Triggered when you ask for a password reset.
login Triggered when you log in to your GitHub Enterprise instance.
failed_login Triggered when you failed to log in successfully.
two_factor_requested Triggered when GitHub Enterprise asks you for your two-factor authentication code.