Skip to main content

Reviewing your security log

You can review the security log for your personal account to better understand actions you've performed and actions others have performed that involve you.

Accessing your security log

The security log lists all actions performed within the last 90 days.

  1. 任意のページで、右上隅にあるプロファイルの画像をクリックし、次に[設定]をクリックします。

    ユーザバーの [Settings(設定)] アイコン

  2. In the "Archives" section of the sidebar, click Security log.

Searching your security log

各監査ログ エントリの名前は、action オブジェクトまたはカテゴリ修飾子と、その後の操作の種類で構成されます。 たとえば、repo.create エントリは repo カテゴリに対する create 操作を意味します。

各 Audit log エントリには、次のようなイベントに関する適切な情報が表示されます:

  • アクションが実行された Organization
  • アクションを実行したユーザー (アクター)
  • アクションによって影響を受けたユーザー
  • アクションの対象となったリポジトリ
  • 実行されたアクションです
  • アクションが実行された国
  • アクションが発生した日時

テキストを使用してエントリを検索することはできません。 ただし、さまざまなフィルターを使用すれば検索クエリを作成できます。 ログを検索するときに使用される多くの演算子 (->< など) は、GitHub 全体で検索するものと同じ形式です。 詳細については、「GitHub 上での検索」を参照してください。

操作に基づく検索

operation 修飾子は、アクションを特定の操作の種類に限定するときに使ってください。 たとえば次のような点です。

  • operation:access は、リソースがアクセスされたすべてのイベントを検索します。
  • operation:authentication は、認証イベントが実行されたすべてのイベントを検索します。
  • operation:create は、リソースが作成されたすべてのイベントを検索します。
  • operation:modify は、既存のリソースが変更されたすべてのイベントを検索します。
  • operation:remove は、既存のリソースが削除されたすべてのイベントを検索します。
  • operation:restore は、既存のリソースが復元されたすべてのイベントを検索します。
  • operation:transfer は、既存のリソースが移動されたすべてのイベントを検索します。

リポジトリに基づく検索

repo 修飾子は、アクションを特定のリポジトリに限定するときに使ってください。 たとえば次のような点です。

  • repo:my-org/our-repo は、my-org 組織内の our-repo リポジトリで発生したすべてのイベントを検索します。
  • repo:my-org/our-repo repo:my-org/another-repo は、my-org組織内の our-repo および another-repo リポジトリで発生したすべてのイベントを検索します。
  • -repo:my-org/not-this-repo は、my-org 組織内の not-this-repo リポジトリで発生したすべてのイベントを除外します。

repo 修飾子内にアカウント名を含める必要があります。repo:our-repo を検索するだけでは機能しません。

ユーザーに基づく検索

actor 修飾子は、アクションを実行した人に基づいてイベントの範囲を指定できます。 たとえば次のような点です。

  • actor:octocatoctocat によって実行されたすべてのイベントを検索します。
  • actor:octocat actor:hubotoctocat および hubot によって実行されたすべてのイベントを検索します。
  • -actor:hubothubot によって実行されたすべてのイベントを除外します。

使用できるのは GitHub のユーザー名のみであり、個人の実名ではないことに注意してください。

Search based on the action performed

The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:

Category nameDescription
billingContains all activities related to your billing information.
codespacesContains all activities related to GitHub Codespaces. For more information, see "About Codespaces."
marketplace_agreement_signatureContains all activities related to signing the GitHub Marketplace Developer Agreement.
marketplace_listingContains all activities related to listing apps in GitHub Marketplace.
oauth_accessContains all activities related to OAuth Apps you've connected with.
payment_methodContains all activities related to paying for your GitHub subscription.
personal_access_tokenContains activities related to fine-grained personal access tokens. For more information, see "Creating a personal access token."
profile_pictureContains all activities related to your profile picture.
projectContains all activities related to project boards.
public_keyContains all activities related to your public SSH keys.
repoContains all activities related to the repositories you own.
sponsorsContains all events related to GitHub Sponsors and sponsor buttons (see "About GitHub Sponsors" and "Displaying a sponsor button in your repository")
two_factor_authenticationContains all activities related to two-factor authentication.
userContains all activities related to your account.

Exporting your security log

ログは、JSONデータあるいはカンマ区切り(CSV)のファイルとしてエクスポートできます。

[エクスポート] ボタン

エクスポートの結果をフィルタリングする場合、 [エクスポート] ドロップダウン メニューを使う前に以下のサポートされている 1 つ以上の修飾子で検索してください。

修飾子値の例
actionteam.create
actoroctocat
usercodertocat
orgocto-org
repoocto-org/documentation
created2019-06-01

エクスポートされたログの出力ファイルには、以下のキーと値があります。

Key値の例
actionteam.create
actoroctocat
usercodertocat
actor_location.country_codeUS
orgocto-org
repoocto-org/documentation
created_at1429548104000 (タイムスタンプは Epoch からの経過時間をミリ秒で示します。)
data.emailoctocat@nowhere.com
data.hook_id245
data.events["issues", "issue_comment", "pull_request", "pull_request_review_comment"]
data.events_were["push", "pull_request", "issues"]
data.target_loginoctocat
data.old_userhubot
data.teamocto-org/engineering

Security log actions

An overview of some of the most common actions that are recorded as events in the security log.

billing category actions

ActionDescription
change_billing_typeTriggered when you change how you pay for GitHub.
change_emailTriggered when you change your email address.

codespaces category actions

ActionDescription
createTriggered when you create a codespace.
resumeTriggered when you resume a suspended codespace.
deleteTriggered when you delete a codespace.
manage_access_and_securityTriggered when you update the repositories a codespace has access to.
trusted_repositories_access_updateTriggered when you change your personal account's access and security setting for Codespaces.

marketplace_agreement_signature category actions

ActionDescription
createTriggered when you sign the GitHub Marketplace Developer Agreement.

marketplace_listing category actions

ActionDescription
approveTriggered when your listing is approved for inclusion in GitHub Marketplace.
createTriggered when you create a listing for your app in GitHub Marketplace.
delistTriggered when your listing is removed from GitHub Marketplace.
redraftTriggered when your listing is sent back to draft state.
rejectTriggered when your listing is not accepted for inclusion in GitHub Marketplace.

oauth_authorization category actions

ActionDescription
createTriggered when you grant access to an OAuth App.
destroyTriggered when you revoke an OAuth App's access to your account and when authorizations are revoked or expire.

payment_method category actions

ActionDescription
createTriggered when a new payment method is added, such as a new credit card or PayPal account.
updateTriggered when an existing payment method is updated.

personal_access_token category actions

ActionDescription
access_grantedTriggered when a fine-grained personal access token that you created is granted access to resources.
access_revokedTriggered when a fine-grained personal access token that you created is revoked. The token can still read public organization resources.
createTriggered when you create a fine-grained personal access token.
credential_regeneratedTriggered when you regenerate a fine-grained personal access token.
destroyTriggered when you delete a fine-grained personal access token.
request_cancelledTriggered when you cancel a pending request for your fine-grained personal access token to access organization resources.
request_createdTriggered when you create a fine-grained personal access token to access organization resources and the organization requires approval before a fine-grained personal access token can access organization resources.
request_deniedTriggered when your request for a fine-grained personal access token to access organization resources is denied. For more information, see "Managing requests for personal access token in your organization."

profile_picture category actions

ActionDescription
updateTriggered when you set or update your profile picture.

project category actions

ActionDescription
accessTriggered when a project board's visibility is changed.
createTriggered when a project board is created.
renameTriggered when a project board is renamed.
updateTriggered when a project board is updated.
deleteTriggered when a project board is deleted.
linkTriggered when a repository is linked to a project board.
unlinkTriggered when a repository is unlinked from a project board.
update_user_permissionTriggered when an outside collaborator is added to or removed from a project board or has their permission level changed.

public_key category actions

ActionDescription
createTriggered when you add a new public SSH key to your account on GitHub.com.
deleteTriggered when you remove a public SSH key to your account on GitHub.com.

repo category actions

ActionDescription
accessTriggered when you a repository you own is switched from "private" to "public" (or vice versa).
add_memberTriggered when a GitHub user is invited to have collaboration access to a repository.
add_topicTriggered when a repository owner adds a topic to a repository.
archivedTriggered when a repository owner archives a repository.
createTriggered when a new repository is created.
destroyTriggered when a repository is deleted.
disableTriggered when a repository is disabled (e.g., for insufficient funds).
download_zipTriggered when a ZIP or TAR archive of a repository is downloaded.
enableTriggered when a repository is re-enabled.
remove_memberTriggered when a GitHub user is removed from a repository as a collaborator.
remove_topicTriggered when a repository owner removes a topic from a repository.
renameTriggered when a repository is renamed.
staff_unlockTriggered when an enterprise owner or GitHub Support (with permission from a repository administrator) temporarily unlocked the repository. The visibility of the repository isn't changed.
transferTriggered when a repository is transferred.
transfer_startTriggered when a repository transfer is about to occur.
unarchivedTriggered when a repository owner unarchives a repository.

sponsors category actions

ActionDescription
custom_amount_settings_changeTriggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "Managing your sponsorship tiers")
repo_funding_links_file_actionTriggered when you change the FUNDING file in your repository (see "Displaying a sponsor button in your repository")
sponsor_sponsorship_cancelTriggered when you cancel a sponsorship (see "Downgrading a sponsorship")
sponsor_sponsorship_createTriggered when you sponsor an account (see "Sponsoring an open source contributor")
sponsor_sponsorship_payment_completeTriggered after you sponsor an account and your payment has been processed (see "Sponsoring an open source contributor")
sponsor_sponsorship_preference_changeTriggered when you change whether you receive email updates from a sponsored developer (see "Managing your sponsorship")
sponsor_sponsorship_tier_changeTriggered when you upgrade or downgrade your sponsorship (see "Upgrading a sponsorship" and "Downgrading a sponsorship")
sponsored_developer_approveTriggered when your GitHub Sponsors account is approved (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_createTriggered when your GitHub Sponsors account is created (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_disableTriggered when your GitHub Sponsors account is disabled
sponsored_developer_redraftTriggered when your GitHub Sponsors account is returned to draft state from approved state
sponsored_developer_profile_updateTriggered when you edit your sponsored developer profile (see "Editing your profile details for GitHub Sponsors")
sponsored_developer_request_approvalTriggered when you submit your application for GitHub Sponsors for approval (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_tier_description_updateTriggered when you change the description for a sponsorship tier (see "Managing your sponsorship tiers")
sponsored_developer_update_newsletter_sendTriggered when you send an email update to your sponsors (see "Contacting your sponsors")
waitlist_invite_sponsored_developerTriggered when you are invited to join GitHub Sponsors from the waitlist (see "Setting up GitHub Sponsors for your personal account")
waitlist_joinTriggered when you join the waitlist to become a sponsored developer (see "Setting up GitHub Sponsors for your personal account")

successor_invitation category actions

ActionDescription
acceptTriggered when you accept a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
cancelTriggered when you cancel a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
createTriggered when you create a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
declineTriggered when you decline a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
revokeTriggered when you revoke a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")

two_factor_authentication category actions

ActionDescription
enabledTriggered when two-factor authentication is enabled.
disabledTriggered when two-factor authentication is disabled.

user category actions

ActionDescription
add_emailTriggered when you add a new email address.
codespaces_trusted_repo_access_grantedTriggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.
codespaces_trusted_repo_access_revokedTriggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.
createTriggered when you create a new personal account.
change_passwordTriggered when you change your password.
forgot_passwordTriggered when you ask for a password reset.
hide_private_contributions_countTriggered when you hide private contributions on your profile.
loginTriggered when you log in to GitHub.com.
failed_loginTriggered when you failed to log in successfully.
remove_emailTriggered when you remove an email address.
renameTriggered when you rename your account.
report_contentTriggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.
show_private_contributions_countTriggered when you publicize private contributions on your profile.
two_factor_requestedTriggered when GitHub asks you for your two-factor authentication code.

user_status category actions

ActionDescription
updateTriggered when you set or change the status on your profile. For more information, see "Setting a status."
destroyTriggered when you clear the status on your profile.