Notes:
-
This article contains the events that may appear in the audit log for an enterprise. For the events that can appear in a user account's security log or the audit log for an organization, see "Security log events" and "Audit log events for your organization."
-
This article contains the events that may appear in the enterprise settings, specifically. The audit log in the site admin dashboard may contain additional events not listed here.
artifact
category actions
Action | Description |
---|---|
artifact.destroy | A workflow run artifact was manually deleted. |
business
category actions
Action | Description |
---|---|
business.add_admin | An enterprise owner or site administrator was added to an enterprise. |
business.add_organization | An organization was added to an enterprise. |
business.advanced_security_policy_update | An enterprise owner or site administrator created, updated, or removed a policy for GitHub Advanced Security. For more information, see "Enforcing policies for code security and analysis for your enterprise." |
business.clear_actions_settings | An enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise. For more information, see "Enforcing policies for GitHub Actions in your enterprise." |
business.clear_default_repository_permission | An enterprise owner or site administrator cleared the base repository permission policy setting for an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
business.clear_members_can_create_repos | An enterprise owner or site administrator cleared a restriction on repository creation in organizations in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
business.create | An enterprise was created. |
business.disable_two_factor_requirement | The requirement for members to have two-factor authentication enabled to access an enterprise was disabled. |
business.enable_two_factor_requirement | The requirement for members to have two-factor authentication enabled to access an enterprise was enabled. |
business.members_can_update_protected_branches.clear | An enterprise owner or site administrator unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings. |
business.members_can_update_protected_branches.disable | The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches. |
business.members_can_update_protected_branches.enable | The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches. |
business.remove_admin | An enterprise owner or site administrator was removed from an enterprise. |
business.referrer_override_enable | An enterprise owner or site administrator enabled the referrer policy override. For more information, see "Configuring the referrer policy for your enterprise." |
business.referrer_override_disable | An enterprise owner or site administrator disabled the referrer policy override. For more information, see "Configuring the referrer policy for your enterprise." |
business.remove_organization | An organization was removed from an enterprise. |
business.rename_slug | The slug for the enterprise URL was renamed. |
business.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs was changed for an enterprise. For more information, see "Enforcing policies for GitHub Actions in your enterprise." |
business.set_fork_pr_workflows_policy | The policy for workflows on private repository forks was changed. For more information, see "Enabling workflows for private repository forks." |
business.update_actions_settings | An enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise. For more information, see "Enforcing policies for GitHub Actions in your enterprise." |
business.update_default_repository_permission | The base repository permission setting was updated for all organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
business.update_member_repository_creation_permission | The repository creation setting was updated for an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
business.update_member_repository_invitation_permission | The policy setting for enterprise members inviting outside collaborators to repositories was updated. For more information, see "Enforcing repository management policies in your enterprise." |
business_secret_scanning_custom_pattern
category actions
Action | Description |
---|---|
business_secret_scanning_custom_pattern.create | An enterprise-level custom pattern was created for secret scanning. For more information, see "Defining custom patterns for secret scanning." |
business_secret_scanning_custom_pattern.delete | An enterprise-level custom pattern was removed from secret scanning. |
business_secret_scanning_custom_pattern.publish | An enterprise-level custom pattern was published for secret scanning. |
business_secret_scanning_custom_pattern.update | Changes to an enterprise-level custom pattern were saved and a dry run was executed for secret scanning. |
checks
category actions
Action | Description |
---|---|
checks.auto_trigger_disabled | Automatic creation of check suites was disabled on a repository in the organization or enterprise. For more information, see "Checks." |
checks.auto_trigger_enabled | Automatic creation of check suites was enabled on a repository in the organization or enterprise. For more information, see "Checks." |
config_entry
category actions
Action | Description |
---|---|
config_entry.create | A configuration setting was created. These events are only visible in the site admin audit log. The type of events recorded relate to: - Enterprise settings and policies - Organization and repository permissions and settings - Git, Git LFS, GitHub Connect, GitHub Packages, project, and code security settings. |
config_entry.destroy | A configuration setting was deleted. These events are only visible in the site admin audit log. The type of events recorded relate to: - Enterprise settings and policies - Organization and repository permissions and settings - Git, Git LFS, GitHub Connect, GitHub Packages, project, and code security settings. |
config_entry.update | A configuration setting was edited. These events are only visible in the site admin audit log. The type of events recorded relate to: - Enterprise settings and policies - Organization and repository permissions and settings - Git, Git LFS, GitHub Connect, GitHub Packages, project, and code security settings. |
dependabot_alerts
category actions
Action | Description |
---|---|
dependabot_alerts.disable | An enterprise owner or site administrator disabled Dependabot alerts for all existing repositories. For more information, see "Managing security and analysis settings for your organization." |
dependabot_alerts.enable | An enterprise owner or site administrator enabled Dependabot alerts for all existing repositories. |
dependabot_alerts_new_repos
category actions
Action | Description |
---|---|
dependabot_alerts_new_repos.disable | An enterprise owner or site administrator disabled Dependabot alerts for all new repositories. For more information, see "Managing security and analysis settings for your organization." |
dependabot_alerts_new_repos.enable | An enterprise owner or site administrator enabled Dependabot alerts for all new repositories. |
dependabot_repository_access
category actions
Action | Description |
---|---|
dependabot_repository_access.repositories_updated | The repositories that Dependabot can access were updated. |
dependabot_security_updates
category actions
Action | Description |
---|---|
dependabot_security_updates.disable | An enterprise owner or site administrator disabled Dependabot security updates for all existing repositories. For more information, see "Managing security and analysis settings for your organization." |
dependabot_security_updates.enable | An enterprise owner or site administrator enabled Dependabot security updates for all existing repositories. |
dependabot_security_updates_new_repos
category actions
Action | Description |
---|---|
dependabot_security_updates_new_repos.disable | An enterprise owner or site administrator disabled Dependabot security updates for all new repositories. For more information, see "Managing security and analysis settings for your organization." |
dependabot_security_updates_new_repos.enable | An enterprise owner or site administrator enabled Dependabot security updates for all new repositories. |
dependency_graph
category actions
Action | Description |
---|---|
dependency_graph.disable | An enterprise owner or site administrator disabled the dependency graph for all existing repositories. For more information, see "Managing security and analysis settings for your organization." |
dependency_graph.enable | An enterprise owner or site administrator enabled the dependency graph for all existing repositories. |
dependency_graph_new_repos
category actions
Action | Description |
---|---|
dependency_graph_new_repos.disable | An enterprise owner or site administrator disabled the dependency graph for all new repositories. For more information, see "Managing security and analysis settings for your organization." |
dependency_graph_new_repos.enable | An enterprise owner or site administrator enabled the dependency graph for all new repositories. |
dotcom_connection
category actions
Action | Description |
---|---|
dotcom_connection.create | A GitHub Connect connection to GitHub.com was created. |
dotcom_connection.destroy | A GitHub Connect connection to GitHub.com was deleted. |
dotcom_connection.token_updated | The GitHub Connect connection token for GitHub.com was updated. |
dotcom_connection.upload_license_usage | GitHub Enterprise Server license usage was manually uploaded to GitHub Enterprise Cloud. |
dotcom_connection.upload_usage_metrics | GitHub Enterprise Server usage metrics were uploaded to GitHub.com. |
enterprise
category actions
Action | Description |
---|---|
enterprise.config.disable_anonymous_git_access | An enterprise owner or site administrator disabled anonymous Git read access for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
enterprise.config.enable_anonymous_git_access | An enterprise owner or site administrator enabled anonymous Git read access for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
enterprise.config.lock_anonymous_git_access | An enterprise owner or site administrator locked anonymous Git read access to prevent repository admins from changing existing anonymous Git read access settings for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
enterprise.config.unlock_anonymous_git_access | An enterprise owner or site administrator unlocked anonymous Git read access to allow repository admins to change existing anonymous Git read access settings for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
enterprise.register_self_hosted_runner | A new GitHub Actions self-hosted runner was registered. For more information, see "Adding self-hosted runners." |
enterprise.remove_self_hosted_runner | A GitHub Actions self-hosted runner was removed. For more information, see "Removing self-hosted runners." |
enterprise.runner_group_created | A GitHub Actions self-hosted runner group was created. For more information, see "Managing access to self-hosted runners using groups." |
enterprise.runner_group_removed | A GitHub Actions self-hosted runner group was removed. For more information, see "Managing access to self-hosted runners using groups." |
enterprise.runner_group_renamed | A GitHub Actions self-hosted runner group was renamed. For more information, see "Managing access to self-hosted runners using groups." |
enterprise.runner_group_updated | The configuration of a GitHub Actions self-hosted runner group was changed. For more information, see "Managing access to self-hosted runners using groups." |
enterprise.runner_group_runner_removed | The REST API was used to remove a GitHub Actions self-hosted runner from a group. For more information, see "Actions." |
enterprise.runner_group_runners_added | A GitHub Actions self-hosted runner was added to a group. For more information, see Moving a self-hosted runner to a group. |
enterprise.runner_group_runners_updated | A GitHub Actions runner group's list of members was updated. For more information, see "Actions." |
enterprise.self_hosted_runner_online | The GitHub Actions runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
enterprise.self_hosted_runner_offline | The GitHub Actions runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
enterprise.self_hosted_runner_updated | The GitHub Actions runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners." |
git
category actions
Before you'll see git
category actions, you must enable Git events in the audit log. For more information, see "Configuring the audit log for your enterprise."
Note: Git events are not included in search results.
Action | Description |
---|---|
git.clone | A repository was cloned. |
git.fetch | Changes were fetched from a repository. |
git.push | Changes were pushed to a repository. |
hook
category actions
Action | Description |
---|---|
hook.active_changed | A hook's active status was updated. |
hook.config_changed | A hook's configuration was changed. |
hook.create | A new hook was added. |
hook.destroy | A hook was deleted. |
hook.events_changed | A hook's configured events were changed. |
integration
category actions
Action | Description |
---|---|
integration.create | An integration was created. |
integration.destroy | An integration was deleted. |
integration.manager_added | A member of an enterprise or organization was added as an integration manager. |
integration.manager_removed | A member of an enterprise or organization was removed from being an integration manager. |
integration.transfer | Ownership of an integration was transferred to another user or organization. |
integration.remove_client_secret | A client secret for an integration was removed. |
integration.revoke_all_tokens | All user tokens for an integration were requested to be revoked. |
integration.revoke_tokens | Token(s) for an integration were revoked. |
integration_installation
category actions
Action | Description |
---|---|
integration_installation.contact_email_changed | A contact email for an integration was changed. |
integration_installation.create | An integration was installed. |
integration_installation.destroy | An integration was uninstalled. |
integration_installation.repositories_added | Repositories were added to an integration. |
integration_installation.repositories_removed | Repositories were removed from an integration. |
integration_installation.version_updated | Permissions for an integration were updated. |
integration_installation_request
category actions
Action | Description |
---|---|
integration_installation_request.create | An member requested that an owner install an integration for use in an enterprise or organization. |
integration_installation_request.close | A request to install an integration for use in an enterprise or organization was either approved or denied by an owner, or canceled by the member who opened the request. |
issue
category actions
Action | Description |
---|---|
issue.destroy | An issue was deleted from the repository. For more information, see "Deleting an issue." |
issue.pinned | An issue was pinned to a repository. For more information, see "Pinning an issue to your repository." |
issue.transfer | An issue was transferred to another repository. For more information, see "Transferring an issue to another repository." |
issue.unpinned | An issue was unpinned from a repository. For more information, see "Pinning an issue to your repository." |
issue_comment
category actions
Action | Description |
---|---|
issue_comment.destroy | A comment on an issue was deleted from the repository. |
issue_comment.pinned | A comment on an issue was pinned to a repository. |
issue_comment.unpinned | A comment on an issue was unpinned from a repository. |
issue_comment.update | A comment on an issue (other than the initial one) changed. |
issues
category actions
Action | Description |
---|---|
issues.deletes_disabled | The ability for enterprise members to delete issues was disabled. Members cannot delete issues in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
issues.deletes_enabled | The ability for enterprise members to delete issues was enabled. Members can delete issues in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
issues.deletes_policy_cleared | An enterprise owner or site administrator cleared the policy setting for allowing members to delete issues in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
members_can_create_pages
category actions
Action | Description |
---|---|
members_can_create_pages.disable | The ability for members to publish GitHub Pages was disabled. Members cannot publish GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_pages.enable | The ability for members to publish GitHub Pages was enabled. Members can publish GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_private_pages
category actions
Action | Description |
---|---|
members_can_create_private_pages.disable | The ability for members to publish private GitHub Pages was disabled. Members cannot publish private GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_private_pages.enable | The ability for members to publish private GitHub Pages was enabled. Members can publish private GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_public_pages
category actions
Action | Description |
---|---|
members_can_create_public_pages.disable | The ability for members to publish public GitHub Pages was disabled. Members cannot publish public GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_public_pages.enable | The ability for members to publish public GitHub Pages was enabled. Members can publish public GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_delete_repos
category actions
Action | Description |
---|---|
members_can_delete_repos.clear | An enterprise owner or site administrator cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
members_can_delete_repos.disable | The ability for enterprise members to delete repositories was disabled. Members cannot delete or transfer repositories in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
members_can_delete_repos.enable | The ability for enterprise members to delete repositories was enabled. Members can delete or transfer repositories in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
members_can_view_dependency_insights
category actions
Action | Description |
---|---|
members_can_view_dependency_insights.clear | An enterprise owner or site administrator cleared the policy setting for viewing dependency insights in any organizations in an enterprise. |
members_can_view_dependency_insights.disable | The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise. |
members_can_view_dependency_insights.enable | The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise. |
migration
category actions
Action | Description |
---|---|
migration.create | A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance. |
migration.destroy_file | A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted. |
migration.download | A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded. |
oauth_access
category actions
Action | Description |
---|---|
oauth_access.create | An OAuth access token was generated for a user account. For more information, see "Managing your personal access tokens." |
oauth_access.destroy | An OAuth access token was deleted from a user account. |
oauth_application
category actions
Action | Description |
---|---|
oauth_application.create | An OAuth app was created for a user or organization account. |
oauth_application.destroy | An OAuth app was deleted from a user or organization account. |
oauth_application.reset_secret | An OAuth app's secret key was reset. |
oauth_application.revoke_tokens | Token(s) for an OAuth app were revoked. |
oauth_application.transfer | An OAuth app was transferred from one user or organization account to another. |
oauth_application.unsuspend | An OAuth app was unsuspended for a user or organization account. |
org
category actions
Action | Description |
---|---|
org.accept_business_invitation | An invitation sent to an organization to join an enterprise was accepted. |
org.add_billing_manager | A billing manager was added to an organization. |
org.add_member | A user joined an organization. |
org.advanced_security_disabled_for_new_repos | GitHub Advanced Security was disabled for new repositories in an organization. |
org.advanced_security_disabled_on_all_repos | GitHub Advanced Security was disabled for all repositories in an organization. |
org.advanced_security_enabled_for_new_repos | GitHub Advanced Security was enabled for new repositories in an organization. |
org.advanced_security_enabled_on_all_repos | GitHub Advanced Security was enabled for all repositories in an organization. |
org.advanced_security_policy_selected_member_disabled | An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization. For more information, see "Enforcing policies for Advanced Security in your enterprise." |
org.advanced_security_policy_selected_member_enabled | An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization. For more information, see "Enforcing policies for Advanced Security in your enterprise." |
org.advanced_security_policy_update | An organization owner updated polices for GitHub Advanced Security in an enterprise. For more information, see "Enforcing policies for Advanced Security in your enterprise." |
org.async_delete | A user initiated a background job to delete an organization. |
org.block_user | An organization owner blocked a user from accessing the organization's repositories. |
org.cancel_business_invitation | An invitation for an organization to join an enterprise was revoked. |
org.cancel_invitation | An invitation sent to a user to join an organization was revoked. |
org.clear_actions_settings | An organization owner cleared GitHub Actions policy settings for an organization. For more information, see "Disabling or limiting GitHub Actions for your organization." |
org.clear_default_repository_permission | An organization owner cleared the base repository permission policy setting for an organization. For more information, see "Setting base permissions for an organization." |
org.clear_member_team_creation_permission | An organization owner cleared the new teams creation setting for an organization. For more information, see "Setting team creation permissions in your organization." |
org.clear_reader_discussion_creation_permission | An organization owner cleared the new discussion creation setting for an organization. |
org.clear_members_can_create_repos | An organization owner cleared a restriction on repository creation in an organization. For more information, see "Restricting repository creation in your organization." |
org.clear_members_can_invite_outside_collaborators | An organization owner cleared the outside collaborators invitation policy for an organization. For more information, see "Setting permissions for adding outside collaborators." |
org.clear_new_repository_default_branch_setting | An organization owner cleared the default branch name for new repositories setting for an organization. For more information, see "Managing the default branch name for repositories in your organization." |
org.config.disable_collaborators_only | The interaction limit for collaborators only for an organization was disabled. |
org.config.disable_contributors_only | The interaction limit for prior contributors only for an organization was disabled. |
org.config.disable_sockpuppet_disallowed | The interaction limit for existing users only for an organization was disabled. |
org.config.enable_collaborators_only | The interaction limit for collaborators only for an organization was enabled. |
org.config.enable_contributors_only | The interaction limit for prior contributors only for an organization was enabled. |
org.config.enable_sockpuppet_disallowed | The interaction limit for existing users only for an organization was enabled. |
org.confirm_business_invitation | An invitation for an organization to join an enterprise was confirmed. |
org.create | An organization was created. For more information, see "Creating a new organization from scratch." |
org.create_actions_secret | A GitHub Actions secret was created for an organization. For more information, see "Encrypted secrets." |
org.create_integration_secret | A Dependabot integration secret was created for an organization. |
org.delete | An organization was deleted by a user-initiated background job. |
org.disable_member_team_creation_permission | An organization owner limited team creation to owners. For more information, see "Setting team creation permissions in your organization." |
org.disable_reader_discussion_creation_permission | An organization owner limited discussion creation to users with at least triage permission in an organization. |
org.disable_two_factor_requirement | An organization owner disabled a two-factor authentication requirement for all members and outside collaborators in an organization. |
org.display_commenter_full_name_disabled | An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name. |
org.display_commenter_full_name_enabled | An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name. |
org.enable_member_team_creation_permission | An organization owner allowed members to create teams. For more information, see "Setting team creation permissions in your organization." |
org.enable_reader_discussion_creation_permission | An organization owner allowed users with read access to create discussions in an organization. |
org.enable_two_factor_requirement | An organization owner requires two-factor authentication for all members and outside collaborators in an organization. |
org.integration_manager_added | An organization owner granted a member access to manage all GitHub Apps owned by an organization. |
org.integration_manager_removed | An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member. |
org.invite_member | A new user was invited to join an organization. |
org.invite_to_business | An organization was invited to join an enterprise. |
org.members_can_update_protected_branches.clear | An organization owner unset a policy for whether members of an organization can update protected branches on repositories in an organization. Organization owners can choose whether to allow updating protected branches settings. |
org.members_can_update_protected_branches.disable | The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches. |
org.members_can_update_protected_branches.enable | The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches. |
org.recreate | An organization was restored. |
org.register_self_hosted_runner | A new self-hosted runner was registered. For more information, see "Adding self-hosted runners." |
org.remove_actions_secret | A GitHub Actions secret was removed. |
org.remove_integration_secret | A Dependabot integration secret was removed from an organization. |
org.remove_billing_manager | An owner removed a billing manager from an organization. or when two-factor authentication was required in an organization and a billing manager didn't use 2FA or disabled 2FA. |
org.remove_member | An owner removed a member from an organization or when two-factor authentication was required in an organization and an organization member doesn't use 2FA or disabled 2FA. Also an organization member removed themselves from an organization. |
org.remove_outside_collaborator | An owner removed an outside collaborator from an organization or when two-factor authentication was required in an organization and an outside collaborator didn't use 2FA or disabled 2FA. |
org.remove_self_hosted_runner | A self-hosted runner was removed. For more information, see "Removing self-hosted runners." |
org.rename | An organization was renamed. |
org.restore_member | An organization member was restored. For more information, see "Reinstating a former member of your organization." |
org.runner_group_created | A self-hosted runner group was created. For more information, see "Managing access to self-hosted runners using groups." |
org.runner_group_removed | A self-hosted runner group was removed. For more information, see "Managing access to self-hosted runners using groups." |
org.runner_group_updated | The configuration of a self-hosted runner group was changed. For more information, see "Managing access to self-hosted runners using groups." |
org.runner_group_runner_removed | The REST API was used to remove a self-hosted runner from a group. For more information, see "Actions." |
org.runner_group_runners_added | A self-hosted runner was added to a group. For more information, see Moving a self-hosted runner to a group. |
org.runner_group_runners_updated | A runner group's list of members was updated. For more information, see "Actions." |
org.secret_scanning_push_protection_disable | An organization owner or administrator disabled push protection for secret scanning. For more information, see "Protecting pushes with secret scanning." |
org.secret_scanning_push_protection_enable | An organization owner or administrator enabled push protection for secret scanning. |
org.self_hosted_runner_online | The runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
org.self_hosted_runner_offline | The runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
org.self_hosted_runner_updated | The runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners." |
org.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs in an organization was changed. For more information, see "Configuring the retention period for GitHub Actions artifacts and logs in your organization." |
org.set_fork_pr_workflows_policy | The policy for workflows on private repository forks was changed. For more information, see "Disabling or limiting GitHub Actions for your organization." |
org.sso_response | A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is only available via audit log streaming and the REST API. |
org.transform | A user account was converted into an organization. For more information, see "Converting a user into an organization." |
org.unblock_user | An organization owner unblocked a user from an organization. |
org.update_actions_secret | A GitHub Actions secret was updated. |
org.update_integration_secret | A Dependabot integration secret was updated for an organization. |
org.update_default_repository_permission | An organization owner changed the default repository permission level for organization members. |
org.update_member | An organization owner changed a person's role from owner to member or member to owner. |
org.update_member_repository_creation_permission | An organization owner changed the create repository permission for organization members. |
org.update_member_repository_invitation_permission | An organization owner changed the policy setting for organization members inviting outside collaborators to repositories. For more information, see "Setting permissions for adding outside collaborators." |
org.update_new_repository_default_branch_setting | An organization owner changed the name of the default branch for new repositories in the organization. For more information, see "Managing the default branch name for repositories in your organization." |
org_credential_authorization
category actions
Action | Description |
---|---|
org_credential_authorization.deauthorized | A member deauthorized credentials for use with SAML single sign-on. |
org_credential_authorization.grant | A member authorized credentials for use with SAML single sign-on. |
org_credential_authorization.revoke | An owner revoked authorized credentials. |
org_secret_scanning_custom_pattern
category actions
Action | Description |
---|---|
org_secret_scanning_custom_pattern.create | A custom pattern was created for secret scanning in an organization. For more information, see "Defining custom patterns for secret scanning." |
org_secret_scanning_custom_pattern.delete | A custom pattern was removed from secret scanning in an organization. For more information, see "Defining custom patterns for secret scanning." |
org_secret_scanning_custom_pattern.publish | A custom pattern was published for secret scanning in an organization. For more information, see "Defining custom patterns for secret scanning." |
org_secret_scanning_custom_pattern.update | Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization. For more information, see "Defining custom patterns for secret scanning." |
organization_default_label
category actions
Action | Description |
---|---|
organization_default_label.create | A default label for repositories in an organization was created. For more information, see "Managing default labels for repositories in your organization." |
organization_default_label.update | A default label for repositories in an organization was edited. For more information, see "Managing default labels for repositories in your organization." |
organization_default_label.destroy | A default label for repositories in an organization was deleted. For more information, see "Managing default labels for repositories in your organization." |
organization_domain
category actions
Action | Description |
---|---|
organization_domain.approve | An enterprise domain was approved for an organization. For more information, see "Verifying or approving a domain for your organization." |
organization_domain.create | An enterprise domain was added to an organization. For more information, see "Verifying or approving a domain for your organization." |
organization_domain.destroy | An enterprise domain was removed from an organization. For more information, see "Verifying or approving a domain for your organization." |
organization_domain.verify | An enterprise domain was verified for an organization. For more information, see "Verifying or approving a domain for your organization." |
organization_projects_change
category actions
Action | Description |
---|---|
organization_projects_change.clear | An enterprise owner or site administrator cleared the policy setting for organization-wide project boards in an enterprise. For more information, see "Enforcing policies for projects in your enterprise." |
organization_projects_change.disable | Organization projects were disabled for all organizations in an enterprise. For more information, see "Enforcing policies for projects in your enterprise." |
organization_projects_change.enable | Organization projects were enabled for all organizations in an enterprise. For more information, see "Enforcing policies for projects in your enterprise." |
pre_receive_environment
category actions
Action | Description |
---|---|
pre_receive_environment.create | A pre-receive hook environment was created. For more information, see "Creating a pre-receive hook environment." |
pre_receive_environment.destroy | A pre-receive hook environment was deleted. For more information, see "Creating a pre-receive hook environment." |
pre_receive_environment.download | A pre-receive hook environment was downloaded. For more information, see "Creating a pre-receive hook environment." |
pre_receive_environment.update | A pre-receive hook environment was updated. For more information, see "Creating a pre-receive hook environment." |
pre_receive_hook
category actions
Action | Description |
---|---|
pre_receive_hook.create | A pre-receive hook was created. For more information, see "Managing pre-receive hooks on the GitHub Enterprise Server appliance." |
pre_receive_hook.destroy | A pre-receive hook was deleted. For more information, see "Managing pre-receive hooks on the GitHub Enterprise Server appliance." |
pre_receive_hook.enforcement | A pre-receive hook enforcement setting allowing repository administrators and organization owners to override the hook configuration was enabled or disabled. For more information, see "Managing pre-receive hooks on the GitHub Enterprise Server appliance." |
pre_receive_hook.rejected_push | A pre-receive hook rejected a push. |
pre_receive_hook.update | A pre-receive hook was created. For more information, see "Managing pre-receive hooks on the GitHub Enterprise Server appliance." |
pre_receive_hook.warned_push | A pre-receive hook warned about a push. |
private_repository_forking
category actions
Action | Description |
---|---|
private_repository_forking.clear | An enterprise owner or site administrator cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing repository management policies in your enterprise." |
private_repository_forking.disable | An enterprise owner or site administrator disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing repository management policies in your enterprise." |
private_repository_forking.enable | An enterprise owner or site administrator enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing repository management policies in your enterprise." |
project
category actions
Action | Description |
---|---|
project.access | A project board visibility was changed. For more information, see "Changing project board visibility." |
project.close | A project board was closed. For more information, see "Closing a project board." |
project.create | A project board was created. For more information, see "Creating a project board." |
project.delete | A project board was deleted. For more information, see "Deleting a project board." |
project.link | A repository was linked to a project board. For more information, see "Linking a repository to a project board." |
project.open | A project board was reopened. For more information, see "Reopening a closed project board." |
project.rename | A project board was renamed. For more information, see "Editing a project board." |
project.unlink | A repository was unlinked from a project board. For more information, see "Linking a repository to a project board." |
project.update_org_permission | The project's base-level permission for all organization members was changed or removed. For more information, see "Managing access to a project board for organization members." |
project.update_team_permission | A team's project board permission level was changed or when a team was added or removed from a project board. For more information, see "Managing team access to an organization project board." |
project.update_user_permission | An organization member or outside collaborator was added to or removed from a project board or had their permission level changed. For more information, see "Managing an individual’s access to an organization project board." |
protected_branch
category actions
Action | Description |
---|---|
protected_branch.create | Branch protection was enabled on a branch. |
protected_branch.destroy | Branch protection was disabled on a branch. |
protected_branch.dismiss_stale_reviews | Enforcement of dismissing stale pull requests was updated on a branch. |
protected_branch.dismissal_restricted_users_teams | Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch. |
protected_branch.policy_override | A branch protection requirement was overridden by a repository administrator. |
protected_branch.rejected_ref_update | A branch update attempt was rejected. |
protected_branch.required_status_override | The required status checks branch protection requirement was overridden by a repository administrator. |
protected_branch.review_policy_and_required_status_override | The required reviews and required status checks branch protection requirements were overridden by a repository administrator. |
protected_branch.review_policy_override | The required reviews branch protection requirement was overridden by a repository administrator. |
protected_branch.update_admin_enforced | Branch protection was enforced for repository administrators. |
protected_branch.update_allow_deletions_enforcement_level | Enforcement of allowing users with push access to delete matching branches was updated on a branch. |
protected_branch.update_allow_force_pushes_enforcement_level | Enforcement of allowing force pushes for all users with push access was updated on a branch. |
protected_branch.update_linear_history_requirement_enforcement_level | Enforcement of requiring linear commit history was updated on a branch. |
protected_branch.update_pull_request_reviews_enforcement_level | Enforcement of required pull request reviews was updated on a branch. Can be one of 0 (deactivated), 1 (non-admins), 2 (everyone). |
protected_branch.update_require_code_owner_review | Enforcement of required code owner review was updated on a branch. |
protected_branch.update_required_approving_review_count | Enforcement of the required number of approvals before merging was updated on a branch. |
protected_branch.update_required_status_checks_enforcement_level | Enforcement of required status checks was updated on a branch. |
protected_branch.update_signature_requirement_enforcement_level | Enforcement of required commit signing was updated on a branch. |
protected_branch.update_strict_required_status_checks_policy | Enforcement of required status checks was updated on a branch. |
protected_branch.update_name | A branch name pattern was updated for a branch. |
public_key
category actions
Action | Description |
---|---|
public_key.create | An SSH key was added to a user account or a deploy key was added to a repository. |
public_key.delete | An SSH key was removed from a user account or a deploy key was removed from a repository. |
public_key.update | A user account's SSH key or a repository's deploy key was updated. |
public_key.unverification_failure | A user account's SSH key or a repository's deploy key was unable to be unverified. |
public_key.unverify | A user account's SSH key or a repository's deploy key was unverified. |
public_key.verification_failure | A user account's SSH key or a repository's deploy key was unable to be verified. |
public_key.verify | A user account's SSH key or a repository's deploy key was verified. |
pull_request
category actions
Action | Description |
---|---|
pull_request.close | A pull request was closed without being merged. For more information, see "Closing a pull request." |
pull_request.converted_to_draft | A pull request was converted to a draft. For more information, see "Changing the stage of a pull request." |
pull_request.create | A pull request was created. For more information, see "Creating a pull request." |
pull_request.create_review_request | A review was requested on a pull request. For more information, see "About pull request reviews." |
pull_request.in_progress | A pull request was marked as in progress. |
pull_request.indirect_merge | A pull request was considered merged because the pull request's commits were merged into the target branch. |
pull_request.merge | A pull request was merged. For more information, see "Merging a pull request." |
pull_request.ready_for_review | A pull request was marked as ready for review. For more information, see "Changing the stage of a pull request." |
pull_request.remove_review_request | A review request was removed from a pull request. For more information, see "About pull request reviews." |
pull_request.reopen | A pull request was reopened after previously being closed. |
pull_request_review.delete | A review on a pull request was deleted. |
pull_request_review.dismiss | A review on a pull request was dismissed. For more information, see "Dismissing a pull request review." |
pull_request_review.submit | A review was submitted for a pull request. For more information, see "About pull request reviews." |
pull_request_review
category actions
Action | Description |
---|---|
pull_request_review.delete | A review on a pull request was deleted. |
pull_request_review.dismiss | A review on a pull request was dismissed. For more information, see "Dismissing a pull request review." |
pull_request_review.submit | A review on a pull request was submitted. For more information, see "Reviewing proposed changes in a pull request." |
pull_request_review_comment
category actions
Action | Description |
---|---|
pull_request_review_comment.create | A review comment was added to a pull request. For more information, see "About pull request reviews." |
pull_request_review_comment.delete | A review comment on a pull request was deleted. |
pull_request_review_comment.update | A review comment on a pull request was changed. |
repo
category actions
Action | Description |
---|---|
repo.access | The visibility of a repository changed. |
repo.actions_enabled | GitHub Actions was enabled for a repository. |
repo.add_member | A collaborator was added to a repository. |
repo.add_topic | A topic was added to a repository. |
repo.advanced_security_disabled | GitHub Advanced Security was disabled for a repository. |
repo.advanced_security_enabled | GitHub Advanced Security was enabled for a repository. |
repo.advanced_security_policy_selected_member_disabled | A repository administrator prevented GitHub Advanced Security features from being enabled for a repository. |
repo.advanced_security_policy_selected_member_enabled | A repository administrator allowed GitHub Advanced Security features to be enabled for a repository. |
repo.archived | A repository was archived. For more information, see "Archiving a GitHub repository." |
repo.change_merge_setting | Pull request merge options were changed for a repository. |
repo.clear_actions_settings | A repository administrator cleared GitHub Actions policy settings for a repository. |
repo.code_scanning_analysis_deleted | Code scanning analysis for a repository was deleted. For more information, see "Code Scanning." |
repo.config | A repository administrator blocked force pushes. For more information, see "Enforcing repository management policies in your enterprise." |
repo.config.disable_anonymous_git_access | Anonymous Git read access was disabled for a repository. For more information, see "Enabling anonymous Git read access for a repository." |
repo.config.enable_anonymous_git_access | Anonymous Git read access was enabled for a repository. For more information, see "Enabling anonymous Git read access for a repository." |
repo.config.lock_anonymous_git_access | A repository's anonymous Git read access setting was locked, preventing repository administrators from changing (enabling or disabling) this setting. For more information, see "Enforcing repository management policies in your enterprise." |
repo.config.unlock_anonymous_git_access | A repository's anonymous Git read access setting was unlocked, allowing repository administrators to change (enable or disable) this setting. For more information, see "Enforcing repository management policies in your enterprise." |
repo.create | A repository was created. |
repo.create_actions_secret | A GitHub Actions secret was created for a repository. For more information, see "Encrypted secrets." |
repo.create_integration_secret | A Dependabot integration secret was created for a repository. |
repo.destroy | A repository was deleted. |
repo.disk_archive | A repository was archived on disk. For more information, see "Archiving repositories." |
repo.download_zip | A source code archive of a repository was downloaded as a ZIP file. For more information, see "Downloading source code archives." |
repo.pages_cname | A GitHub Pages custom domain was modified in a repository. |
repo.pages_create | A GitHub Pages site was created. |
repo.pages_destroy | A GitHub Pages site was deleted. |
repo.pages_https_redirect_disabled | HTTPS redirects were disabled for a GitHub Pages site. |
repo.pages_https_redirect_enabled | HTTPS redirects were enabled for a GitHub Pages site. |
repo.pages_source | A GitHub Pages source was modified. |
repo.pages_private | A GitHub Pages site visibility was changed to private. |
repo.pages_public | A GitHub Pages site visibility was changed to public. |
repo.register_self_hosted_runner | A new self-hosted runner was registered. For more information, see "Adding self-hosted runners." |
repo.remove_self_hosted_runner | A self-hosted runner was removed. For more information, see "Removing self-hosted runners." |
repo.remove_actions_secret | A GitHub Actions secret was deleted for a repository. |
repo.remove_integration_secret | A Dependabot integration secret was deleted for a repository. |
repo.remove_member | A collaborator was removed from a repository. |
repo.remove_topic | A topic was removed from a repository. |
repo.rename | A repository was renamed. |
repo.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs in a repository was changed. For more information, see "Managing GitHub Actions settings for a repository." |
repo.self_hosted_runner_online | The runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
repo.self_hosted_runner_offline | The runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
repo.self_hosted_runner_updated | The runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners." |
repo.staff_unlock | An enterprise administrator or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository. |
repo.transfer | A user accepted a request to receive a transferred repository. |
repo.transfer_outgoing | A repository was transferred to another repository network. |
repo.transfer_start | A user sent a request to transfer a repository to another user or organization. |
repo.unarchived | A repository was unarchived. For more information, see "Archiving a GitHub repository." |
repo.update_actions_settings | A repository administrator changed GitHub Actions policy settings for a repository. |
repo.update_actions_secret | A GitHub Actions secret was updated. |
repo.update_actions_access_settings | The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed. |
repo.update_default_branch | The default branch for a repository was changed. |
repo.update_integration_secret | A Dependabot integration secret was updated for a repository. |
repo.update_member | A user's permission to a repository was changed. |
repository_image
category actions
Action | Description |
---|---|
repository_image.create | An image to represent a repository was uploaded. |
repository_image.destroy | An image to represent a repository was deleted. |
repository_invitation
category actions
Action | Description |
---|---|
repository_invitation.accept | An invitation to join a repository was accepted. |
repository_invitation.cancel | An invitation to join a repository was canceled. |
repository_invitation.create | An invitation to join a repository was sent. |
repository_invitation.reject | An invitation to join a repository was declined. |
repository_projects_change
category actions
Action | Description |
---|---|
repository_projects_change.clear | The repository projects policy was removed for an organization, or all organizations in the enterprise. Organization owners can now control their repository projects settings. For more information, see "Enforcing policies for projects in your enterprise." |
repository_projects_change.disable | Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise. |
repository_projects_change.enable | Repository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise. |
repository_secret_scanning
category actions
Action | Description |
---|---|
repository_secret_scanning.disable | A repository owner or administrator disabled secret scanning for a repository. For more information, see "About secret scanning." |
repository_secret_scanning.enable | A repository owner or administrator enabled secret scanning for a repository. |
repository_secret_scanning_custom_pattern
category actions
Action | Description |
---|---|
repository_secret_scanning_custom_pattern.create | A custom pattern was created for secret scanning in a repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_custom_pattern.delete | A custom pattern was removed from secret scanning in a repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_custom_pattern.publish | A custom pattern was published for secret scanning in a repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_custom_pattern.update | Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_push_protection
category actions
Action | Description |
---|---|
repository_secret_scanning_push_protection.disable | A repository owner or administrator disabled secret scanning for a repository. For more information, see "Protecting pushes with secret scanning." |
repository_secret_scanning_push_protection.enable | A repository owner or administrator enabled secret scanning for a repository. For more information, see "Protecting pushes with secret scanning." |
repository_visibility_change
category actions
Action | Description |
---|---|
repository_visibility_change.clear | The repository visibility change setting was cleared for an organization or enterprise. For more information, see "Restricting repository visibility changes in your organization" and "Enforcing repository management policies in your enterprise for an enterprise." |
repository_visibility_change.disable | The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise. |
repository_visibility_change.enable | The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise. |
repository_vulnerability_alert
category actions
Action | Description |
---|---|
repository_vulnerability_alert.create | GitHub Enterprise Server created a Dependabot alert for a repository that uses an insecure dependency. For more information, see "About Dependabot alerts." |
repository_vulnerability_alert.dismiss | An organization owner or repository administrator dismissed a Dependabot alert about a vulnerable dependency. |
repository_vulnerability_alert.resolve | Someone with write access to a repository pushed changes to update and resolve a Dependabot alert in a project dependency. |
required_status_check
category actions
Action | Description |
---|---|
required_status_check.create | A status check was marked as required for a protected branch. For more information, see "About protected branches." |
required_status_check.destroy | A status check was no longer marked as required for a protected branch. For more information, see "About protected branches." |
restrict_notification_delivery
category actions
Action | Description |
---|---|
restrict_notification_delivery.enable | Email notification restrictions for an organization or enterprise were enabled. For more information, see "Restricting email notifications for your organization" and "Restricting email notifications for your enterprise." |
restrict_notification_delivery.disable | Email notification restrictions for an organization or enterprise were disabled. For more information, see "Restricting email notifications for your organization" and "Restricting email notifications for your enterprise." |
role
category actions
Action | Description |
---|---|
create | An organization owner created a new custom repository role. For more information, see "Managing custom repository roles for an organization." |
destroy | An organization owner deleted a custom repository role. For more information, see "Managing custom repository roles for an organization." |
update | An organization owner edited an existing custom repository role. For more information, see "Managing custom repository roles for an organization." |
secret_scanning
category actions
Action | Description |
---|---|
secret_scanning.disable | An organization owner disabled secret scanning for all existing repositories. For more information, see "About secret scanning." |
secret_scanning.enable | An organization owner enabled secret scanning for all existing repositories. |
secret_scanning_new_repos
category actions
Action | Description |
---|---|
secret_scanning_new_repos.disable | An organization owner disabled secret scanning for all new repositories. For more information, see "About secret scanning." |
secret_scanning_new_repos.enable | An organization owner enabled secret scanning for all new repositories. |
security_key
category actions
Action | Description |
---|---|
security_key.register | A security key was registered for an account. |
security_key.remove | A security key was removed from an account. |
ssh_certificate_authority
category actions
Action | Description |
---|---|
ssh_certificate_authority.create | An SSH certificate authority for an organization or enterprise was created. For more information, see "Managing your organization's SSH certificate authorities" and "Enforcing policies for security settings in your enterprise." |
ssh_certificate_authority.destroy | An SSH certificate authority for an organization or enterprise was deleted. For more information, see "Managing your organization's SSH certificate authorities" and "Enforcing policies for security settings in your enterprise." |
ssh_certificate_requirement
category actions
Action | Description |
---|---|
ssh_certificate_requirement.enable | The requirement for members to use SSH certificates to access an organization resources was enabled. For more information, see "Managing your organization's SSH certificate authorities" and "Enforcing policies for security settings in your enterprise." |
ssh_certificate_requirement.disable | The requirement for members to use SSH certificates to access an organization resources was disabled. For more information, see "Managing your organization's SSH certificate authorities" and "Enforcing policies for security settings in your enterprise." |
staff
category actions
Action | Description |
---|---|
staff.disable_repo | An organization, repository or site administrator disabled access to a repository and all of its forks. |
staff.enable_repo | An organization, repository or site administrator re-enabled access to a repository and all of its forks. |
staff.exit_fake_login | An enterprise owner or site administrator ended an impersonation session on GitHub Enterprise Server. |
staff.fake_login | An enterprise owner or site administrator signed into GitHub Enterprise Server as another user. |
staff.repo_lock | An organization, repository or site administrator locked (temporarily gained full access to) a user's private repository. |
staff.repo_unlock | An organization, repository or site administrator unlocked (ended their temporary access to) a user's private repository. |
staff.search_audit_log | A site administrator performed a search of the site admin audit log. |
staff.set_domain_token_expiration | A site administrator or GitHub staff set the verification code expiry time for an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise." |
staff.unlock | A site administrator unlocked (temporarily gained full access to) all of a user's private repositories. |
staff.unverify_domain | A site administrator or GitHub staff unverified an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise." |
staff.verify_domain | A site administrator or GitHub staff verified an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise." |
staff.view_audit_log | A site administrator viewed the site admin audit log. |
team
category actions
Action | Description |
---|---|
team.add_member | A member of an organization was added to a team. For more information, see "Adding organization members to a team." |
team.add_repository | A team was given access and permissions to a repository. |
team.change_parent_team | A child team was created or a child team's parent was changed. For more information, see "Moving a team in your organization’s hierarchy." |
team.change_privacy | A team's privacy level was changed. For more information, see "Changing team visibility." |
team.create | A user account or repository was added to a team. |
team.delete | A user account or repository was removed from a team. |
team.destroy | A team was deleted. |
team.demote_maintainer | A user was demoted from a team maintainer to a team member. |
team.promote_maintainer | A user was promoted from a team member to a team maintainer. For more information, see "Assigning the team maintainer role to a team member." |
team.remove_member | A member of an organization was removed from a team. For more information, see "Removing organization members from a team." |
team.remove_repository | A repository was no longer under a team's control. |
team.rename | A team's name was changed. |
team.update_permission | A team's access was changed. |
team.update_repository_permission | A team's permission to a repository was changed. |
team_discussions
category actions
Action | Description |
---|---|
team_discussions.clear | An organization owner cleared the setting to allow team discussions for an organization or enterprise. |
team_discussions.disable | An organization owner disabled team discussions for an organization. For more information, see "Disabling team discussions for your organization." |
team_discussions.enable | An organization owner enabled team discussions for an organization. |
two_factor_authentication
category actions
Action | Description |
---|---|
two_factor_authentication.disabled | Two-factor authentication was disabled for a user account. |
two_factor_authentication.enabled | Two-factor authentication was enabled for a user account. |
two_factor_authentication.password_reset_fallback_sms | A one-time password code was sent to a user account fallback phone number. |
two_factor_authentication.recovery_codes_regenerated | Two factor recovery codes were regenerated for a user account. |
two_factor_authentication.sign_in_fallback_sms | A one-time password code was sent to a user account fallback phone number. |
two_factor_authentication.update_fallback | The two-factor authentication fallback for a user account was changed. |
user
category actions
Action | Description |
---|---|
user.add_email | An email address was added to a user account. |
user.async_delete | An asynchronous job was started to destroy a user account, eventually triggering a user.delete event. |
user.audit_log_export | Audit log entries were exported. |
user.block_user | A user was blocked by another user or a site administrator. |
user.change_password | A user changed his or her password. |
user.create | A new user account was created. |
user.creation_rate_limit_exceeded | The rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly. |
user.delete | A user account was destroyed by an asynchronous job. |
user.demote | A site administrator was demoted to an ordinary user account. |
user.destroy | A user deleted his or her account, triggering user.async_delete . |
user.failed_login | A user tries to sign in with an incorrect username, password, or two-factor authentication code. |
user.flag_as_large_scale_contributor | A user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts. |
user.forgot_password | A user requested a password reset via the sign-in page. |
user.hide_private_contributions_count | A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden. For more information, see "Showing your private contributions and achievements on your profile." |
user.lockout | A user was locked out of their account. |
user.login | A user signed in. |
user.mandatory_message_viewed | A user viewed a mandatory message. For more information see "Customizing user messages for your enterprise" for details." |
user.minimize_comment | A comment made by a user was minimized. |
user.promote | An ordinary user account was promoted to a site administrator. |
user.recreate | A user's account was restored. |
user.remove_email | An email address was removed from a user account. |
user.remove_large_scale_contributor_flag | A user account was no longer flagged as a large scale contributor. |
user.rename | A username was changed. |
user.reset_password | A user reset their account password. |
user.show_private_contributions_count | A user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown. For more information, see "Showing your private contributions and achievements on your profile." |
user.sign_in_from_unrecognized_device | A user signed in from an unrecognized device. |
user.sign_in_from_unrecognized_device_and_location | A user signed in from an unrecognized device and location. |
user.sign_in_from_unrecognized_location | A user signed in from an unrecognized location. |
user.suspend | A user account was suspended by an enterprise owner or site administrator. |
user.two_factor_challenge_failure | A 2FA challenge issued for a user account failed. |
user.two_factor_challenge_success | A 2FA challenge issued for a user account succeeded. |
user.two_factor_recover | A user used their 2FA recovery codes. |
user.two_factor_recovery_codes_downloaded | A user downloaded 2FA recovery codes for their account. |
user.two_factor_recovery_codes_printed | A user printed 2FA recovery codes for their account. |
user.two_factor_recovery_codes_viewed | A user viewed 2FA recovery codes for their account. |
user.two_factor_requested | A user was prompted for a two-factor authentication code. |
user.unblock_user | A user was unblocked another user or a site administrator. |
user.unminimize_comment | A comment made by a user was unminimized. |
user.unsuspend | A user account was unsuspended by an enterprise owner or site administrator. |
user_license
category actions
Action | Description |
---|---|
user_license.create | A seat license for a user in an enterprise was created. |
user_license.destroy | A seat license for a user in an enterprise was deleted. |
user_license.update | A seat license type for a user in an enterprise was changed. |
workflows
category actions
Action | Description |
---|---|
workflows.approve_workflow_job | A workflow job was approved. For more information, see "Reviewing deployments." |
workflows.cancel_workflow_run | A workflow run was cancelled. For more information, see "Canceling a workflow." |
workflows.delete_workflow_run | A workflow run was deleted. For more information, see "Deleting a workflow run." |
workflows.disable_workflow | A workflow was disabled. |
workflows.enable_workflow | A workflow was enabled, after previously being disabled by disable_workflow . |
workflows.reject_workflow_job | A workflow job was rejected. For more information, see "Reviewing deployments." |
workflows.rerun_workflow_run | A workflow run was re-run. For more information, see "Re-running workflows and jobs." |
workflows.completed_workflow_run | A workflow status changed to completed . Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "Viewing workflow run history. |
workflows.created_workflow_run | A workflow run was created. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "Understanding GitHub Actions." |
workflows.prepared_workflow_job | A workflow job was started. Includes the list of secrets that were provided to the job. Can only be viewed using the REST API. It is not visible in the GitHub web interface or included in the JSON/CSV export. For more information, see "Events that trigger workflows." |