Note: This article contains the events that may appear in the audit log for an enterprise. For the events that can appear in a user account's security log or the audit log for an organization, see "Security log events" and "Audit log events for your organization."
About audit log events for your enterprise
The scope of the events that appear in your enterprise's audit log depend on whether your enterprise uses Enterprise Managed Users. For more information about Enterprise Managed Users, see "About Enterprise Managed Users."
- If your enterprise does not use Enterprise Managed Users, the audit log only includes events related to the enterprise account and the organizations within the enterprise account, which are listed in this article.
- If your enterprise uses Enterprise Managed Users, the audit log also includes user events for managed user accounts, such as each time the user logs in to GitHub Enterprise Cloud and actions they take within their user account. For a list of these user account events, see "Security log events."
account category actions
| Action | Description |
|---|---|
account.billing_plan_change | An organization's billing cycle changed. For more information, see "Changing the duration of your billing cycle." |
account.plan_change | An organization's subscription changed. For more information, see "About billing for GitHub accounts." |
account.pending_plan_change | An organization owner or billing manager canceled or downgraded a paid subscription. For more information, see "How does upgrading or downgrading affect the billing process?." |
account.pending_subscription_change | A GitHub Marketplace free trial started or expired. For more information, see "About billing for GitHub Marketplace." |
advisory_credit category actions
| Action | Description |
|---|---|
advisory_credit.accept | Someone accepted credit for a security advisory. For more information, see "Editing a repository security advisory." |
advisory_credit.create | The administrator of a security advisory added someone to the credit section. |
advisory_credit.decline | Someone declined credit for a security advisory. |
advisory_credit.destroy | The administrator of a security advisory removed someone from the credit section. |
artifact category actions
| Action | Description |
|---|---|
artifact.destroy | A workflow run artifact was manually deleted. |
audit_log_streaming category actions
| Action | Description |
|---|---|
audit_log_streaming.check | A manual check was performed of the endpoint configured for audit log streaming. |
audit_log_streaming.create | An endpoint was added for audit log streaming. |
audit_log_streaming.update | An endpoint configuration was updated for audit log streaming, such as the stream was paused, enabled, or disabled. |
audit_log_streaming.destroy | An audit log streaming endpoint was deleted. |
billing category actions
| Action | Description |
|---|---|
billing.change_billing_type | An organization changed how it paid for GitHub. For more information, see "Adding or editing a payment method." |
billing.change_email | An organization's billing email address changed. For more information, see "Setting your billing email." |
business category actions
| Action | Description |
|---|---|
business.add_admin | An enterprise owner was added to an enterprise. |
business.add_billing_manager | A billing manager was added to an enterprise. |
business.add_organization | An organization was added to an enterprise. |
business.add_support_entitlee | A support entitlement was added to a member of an enterprise. For more information, see "Managing support entitlements for your enterprise." |
business.cancel_admin_invitation | An invitation for someone to be an owner of an enterprise was canceled. |
business.cancel_billing_manager_invitation | An invitation for someone to be an billing manager of an enterprise was canceled. |
business.clear_default_repository_permission | An enterprise owner cleared the base repository permission policy setting for an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
business.clear_members_can_create_repos | An enterprise owner cleared a restriction on repository creation in organizations in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
business.create | An enterprise was created. |
business.disable_oidc | OIDC single sign-on was disabled for an enterprise. For more information, see "Configuring OIDC for Enterprise Managed Users." |
business.disable_saml | SAML single sign-on was disabled for an enterprise. |
business.disable_two_factor_requirement | The requirement for members to have two-factor authentication enabled to access an enterprise was disabled. |
business.enable_oidc | OIDC single sign-on was enabled for an enterprise. For more information, see "Configuring OIDC for Enterprise Managed Users." |
business.enable_saml | SAML single sign-on was enabled for an enterprise. |
business.enable_two_factor_requirement | The requirement for members to have two-factor authentication enabled to access an enterprise was enabled. |
business.enterprise_server_license_download | A GitHub Enterprise Server license was downloaded. |
business.import_license_usage | License usage information was imported from a GitHub Enterprise Server instance to an enterprise account on GitHub.com. |
business.invite_admin | An invitation for someone to be an enterprise owner of an enterprise was sent. |
business.invite_billing_manager | An invitation for someone to be an billing manager of an enterprise was sent. |
business.members_can_update_protected_branches.clear | An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization administrators can choose whether to allow updating protected branches settings. |
business.members_can_update_protected_branches.disable | The ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches. |
business.members_can_update_protected_branches.enable | The ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches. |
business.remove_admin | An enterprise owner was removed from an enterprise. |
business.remove_billing_manager | A billing manager was removed from an enterprise. |
business.remove_member | A member was removed from an enterprise. |
business.remove_organization | An organization was removed from an enterprise. |
business.remove_support_entitlee | A support entitlement was removed from a member of an enterprise. For more information, see "Managing support entitlements for your enterprise." |
business.rename_slug | The slug for the enterprise URL was renamed. |
business.revoke_external_identity | The external identity for a member in an enterprise was revoked. |
business.revoke_sso_session | The SAML single sign-on session for a member in an enterprise was revoked. |
business.set_actions_fork_pr_approvals_policy | The setting for requiring approvals for workflows from public forks was changed for an enterprise. For more information, see "Enforcing policies for GitHub Actions in your enterprise." |
business.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs was changed for an enterprise. For more information, see "Enforcing policies for GitHub Actions in your enterprise." |
business.set_fork_pr_workflows_policy | The policy for workflows on private repository forks was changed. For more information, see "Enforcing policies for GitHub Actions in an enterprise." |
business.sso_response | A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your enterprise. This event is only available via audit log streaming and the REST API. |
business.update_default_repository_permission | The base repository permission setting was updated for all organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
business.update_member_repository_creation_permission | The repository creation setting was updated for an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
business.update_member_repository_invitation_permission | The policy setting for enterprise members inviting outside collaborators to repositories was updated. For more information, see "Enforcing repository management policies in your enterprise." |
business.update_saml_provider_settings | The SAML single sign-on provider settings for an enterprise were updated. |
business_advanced_security category actions
| Action | Description |
|---|---|
business_advanced_security.disabled | GitHub Advanced Security was disabled for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_advanced_security.enabled | GitHub Advanced Security was enabled for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_advanced_security.disabled_for_new_repos | GitHub Advanced Security was disabled for new repositories in your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_advanced_security.enabled_for_new_repos | GitHub Advanced Security was enabled for new repositories in your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning category actions
| Action | Description |
|---|---|
business_secret_scanning.disable | Secret scanning was disabled for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning.enable | Secret scanning was enabled for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning.disabled_for_new_repos | Secret scanning was disabled for new repositories in your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning.enabled_for_new_repos | Secret scanning was enabled for new repositories in your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning_custom_pattern category actions
| Action | Description |
|---|---|
business_secret_scanning_custom_pattern.create | An enterprise-level custom pattern is published for secret scanning. For more information, see "Defining custom patterns for secret scanning." |
business_secret_scanning_custom_pattern.delete | An enterprise-level custom pattern is removed from secret scanning. |
business_secret_scanning_custom_pattern.update | Changes to an enterprise-level custom pattern are saved for secret scanning. |
business_secret_scanning_custom_pattern_push_protection category actions
| Action | Description |
|---|---|
business_secret_scanning_custom_pattern_push_protection.enabled | Push protection for a custom pattern for secret scanning was enabled for your enterprise. For more information, see "Defining custom patterns for secret scanning." |
business_secret_scanning_custom_pattern_push_protection.disabled | Push protection for a custom pattern for secret scanning was disabled for your enterprise. For more information, see "Defining custom patterns for secret scanning." |
business_secret_scanning_push_protection category actions
| Action | Description |
|---|---|
business_secret_scanning_push_protection.disable | Push protection for secret scanning was disabled for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning_push_protection.enable | Push protection for secret scanning was enabled for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning_push_protection.disabled_for_new_repos | Push protection for secret scanning was disabled for new repositories in your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning_push_protection.enabled_for_new_repos | Push protection for secret scanning was enabled for new repositories in your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning_push_protection_custom_message category actions
| Action | Description |
|---|---|
business_secret_scanning_push_protection_custom_message.disable | The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning_push_protection_custom_message.enable | The custom message triggered by an attempted push to a push-protected repository was enabled for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
business_secret_scanning_push_protection_custom_message.update | The custom message triggered by an attempted push to a push-protected repository was updated for your enterprise. For more information, see "Managing GitHub Advanced Security features for your enterprise." |
checks category actions
| Action | Description |
|---|---|
checks.auto_trigger_disabled | Automatic creation of check suites was disabled on a repository in the organization or enterprise. For more information, see "Checks." |
checks.auto_trigger_enabled | Automatic creation of check suites was enabled on a repository in the organization or enterprise. For more information, see "Checks." |
checks.delete_logs | Logs in a check suite were deleted. |
codespaces category actions
| Action | Description |
|---|---|
codespaces.connect | A codespace was started. |
codespaces.create | A user created a codespace. |
codespaces.destroy | A user deleted a codespace. |
codespaces.allow_permissions | A codespace using custom permissions from its devcontainer.json file was launched. |
codespaces.attempted_to_create_from_prebuild | An attempt to create a codespace from a prebuild was made. |
codespaces.create_an_org_secret | A user created an organization-level secret for GitHub Codespaces |
codespaces.update_an_org_secret | A user updated an organization-level secret for GitHub Codespaces. |
codespaces.remove_an_org_secret | A user removed an organization-level secret for GitHub Codespaces. |
codespaces.manage_access_and_security | A user updated which repositories a codespace can access. |
commit_comment category actions
| Action | Description |
|---|---|
commit_comment.destroy | A commit comment was deleted. |
commit_comment.update | A commit comment was updated. |
dependabot_alerts category actions
| Action | Description |
|---|---|
dependabot_alerts.disable | An enterprise owner disabled Dependabot alerts for all existing private repositories. For more information, see "Managing security and analysis settings for your organization." |
dependabot_alerts.enable | An enterprise owner enabled Dependabot alerts for all existing private repositories. |
dependabot_alerts_new_repos category actions
| Action | Description |
|---|---|
dependabot_alerts_new_repos.disable | An enterprise owner disabled Dependabot alerts for all new private repositories. For more information, see "Managing security and analysis settings for your organization." |
dependabot_alerts_new_repos.enable | An enterprise owner enabled Dependabot alerts for all new private repositories. |
dependabot_repository_accesscategory actions
| Action | Description |
|---|---|
dependabot_repository_access.repositories_updated | The repositories that Dependabot can access were updated. |
dependabot_security_updates category actions
| Action | Description |
|---|---|
dependabot_security_updates.disable | An enterprise owner disabled Dependabot security updates for all existing repositories. For more information, see "Managing security and analysis settings for your organization." |
dependabot_security_updates.enable | An enterprise owner enabled Dependabot security updates for all existing repositories. |
dependabot_security_updates_new_repos category actions
| Action | Description |
|---|---|
dependabot_security_updates_new_repos.disable | An enterprise owner disabled Dependabot security updates for all new repositories. For more information, see "Managing security and analysis settings for your organization." |
dependabot_security_updates_new_repos.enable | An enterprise owner enabled Dependabot security updates for all new repositories. |
dependency_graph category actions
| Action | Description |
|---|---|
dependency_graph.disable | An enterprise owner disabled the dependency graph for all existing repositories. For more information, see "Managing security and analysis settings for your organization." |
dependency_graph.enable | An enterprise owner enabled the dependency graph for all existing repositories. |
dependency_graph_new_repos category actions
| Action | Description |
|---|---|
dependency_graph_new_repos.disable | An enterprise owner disabled the dependency graph for all new repositories. For more information, see "Managing security and analysis settings for your organization." |
dependency_graph_new_repos.enable | An enterprise owner enabled the dependency graph for all new repositories. |
dotcom_connection category actions
| Action | Description |
|---|---|
dotcom_connection.create | A GitHub Connect connection to GitHub.com was created. |
dotcom_connection.destroy | A GitHub Connect connection to GitHub.com was deleted. |
dotcom_connection.token_updated | The GitHub Connect connection token for GitHub.com was updated. |
dotcom_connection.upload_license_usage | GitHub Enterprise Server license usage was manually uploaded to GitHub Enterprise Cloud. |
dotcom_connection.upload_usage_metrics | GitHub Enterprise Server usage metrics were uploaded to GitHub.com. |
enterprise category actions
| Action | Description |
|---|---|
enterprise.config.disable_anonymous_git_access | An enterprise owner disabled anonymous Git read access for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
enterprise.config.enable_anonymous_git_access | An enterprise owner enabled anonymous Git read access for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
enterprise.config.lock_anonymous_git_access | An enterprise owner locked anonymous Git read access to prevent repository admins from changing existing anonymous Git read access settings for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
enterprise.config.unlock_anonymous_git_access | An enterprise owner unlocked anonymous Git read access to allow repository admins to change existing anonymous Git read access settings for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
enterprise.register_self_hosted_runner | A new GitHub Actions self-hosted runner was registered. For more information, see "Adding self-hosted runners." |
enterprise.remove_self_hosted_runner | A GitHub Actions self-hosted runner was removed. For more information, see "Removing self-hosted runners." |
enterprise.runner_group_created | A GitHub Actions self-hosted runner group was created. For more information, see "Managing access to self-hosted runners using groups." |
enterprise.runner_group_removed | A GitHub Actions self-hosted runner group was removed. For more information, see "Managing access to self-hosted runners using groups." |
enterprise.runner_group_renamed | A GitHub Actions self-hosted runner group was renamed. For more information, see "Managing access to self-hosted runners using groups." |
enterprise.runner_group_updated | The configuration of a GitHub Actions self-hosted runner group was changed. For more information, see "Managing access to self-hosted runners using groups." |
enterprise.runner_group_runner_removed | The REST API was used to remove a GitHub Actions self-hosted runner from a group. For more information, see "Actions." |
enterprise.runner_group_runners_added | A GitHub Actions self-hosted runner was added to a group. For more information, see Moving a self-hosted runner to a group. |
enterprise.runner_group_runners_updated | A GitHub Actions runner group's list of members was updated. For more information, see "Actions." |
enterprise.runner_group_visiblity_updated | The visibility of a GitHub Actions self-hosted runner group was updated via the REST API. For more information, see "Actions." |
enterprise.self_hosted_runner_online | The GitHub Actions runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
enterprise.self_hosted_runner_offline | The GitHub Actions runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
enterprise.self_hosted_runner_updated | The GitHub Actions runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners." |
enterprise_domain category actions
| Action | Description |
|---|---|
enterprise_domain.approve | An enterprise domain was approved for an enterprise. For more information, see "Verifying or approving a domain for your enterprise." |
enterprise_domain.create | An enterprise domain was added to an enterprise. For more information, see "Verifying or approving a domain for your enterprise." |
enterprise_domain.destroy | An enterprise domain was removed from an enterprise. For more information, see "Verifying or approving a domain for your enterprise." |
enterprise_domain.verify | An enterprise domain was verified for an enterprise. For more information, see "Verifying or approving a domain for your enterprise." |
enterprise_installation category actions
| Action | Description |
|---|---|
enterprise_installation.create | The GitHub App associated with an GitHub Connect enterprise connection was created. |
enterprise_installation.destroy | The GitHub App associated with an GitHub Connect enterprise connection was deleted. |
enterprise_installation.token_updated | The token belonging to GitHub App associated with an GitHub Connect enterprise connection was updated. |
environment category actions
| Action | Description |
|---|---|
environment.add_protection_rule | A GitHub Actions environment protection rule was created via the API. For more information, see "Using environments for deployment." |
environment.create_actions_secret | A secret was created for a GitHub Actions environment via the API. For more information, see "Using environments for deployment." |
environment.delete | An environment was deleted via the API. For more information, see "Using environments for deployment." |
environment.remove_actions_secret | A secret was deleted for a GitHub Actions environment via the API. For more information, see "Using environments for deployment." |
environment.remove_protection_rule | A GitHub Actions environment protection rule was deleted via the API. For more information, see "Using environments for deployment." |
environment.update_actions_secret | A secret was updated for a GitHub Actions environment via the API. For more information, see "Using environments for deployment." |
environment.update_protection_rule | A GitHub Actions environment protection rule was updated via the API. For more information, see "Using environments for deployment." |
git category actions
Note: Git events are not included in search results.
| Action | Description |
|---|---|
git.clone | A repository was cloned. |
git.fetch | Changes were fetched from a repository. |
git.push | Changes were pushed to a repository. |
hook category actions
| Action | Description |
|---|---|
hook.config_changed | A hook's configuration was changed. |
hook.create | A new hook was added. |
hook.destroy | A hook was deleted. |
hook.events_changed | A hook's configured events were changed. |
integration category actions
| Action | Description |
|---|---|
integration.create | An integration was created. |
integration.destroy | An integration was deleted. |
integration.manager_added | A member of an enterprise or organization was added as an integration manager. |
integration.manager_removed | A member of an enterprise or organization was removed from being an integration manager. |
integration.transfer | Ownership of an integration was transferred to another user or organization. |
integration.remove_client_secret | A client secret for an integration was removed. |
integration.revoke_all_tokens | All user tokens for an integration were requested to be revoked. |
integration.revoke_tokens | Token(s) for an integration were revoked. |
integration_installation category actions
| Action | Description |
|---|---|
integration_installation.contact_email_changed | A contact email for an integration was changed. |
integration_installation.create | An integration was installed. |
integration_installation.destroy | An integration was uninstalled. |
integration_installation.repositories_added | Repositories were added to an integration. |
integration_installation.repositories_removed | Repositories were removed from an integration. |
integration_installation.suspend | An integration was suspended. |
integration_installation.unsuspend | An integration was unsuspended. |
integration_installation.version_updated | Permissions for an integration were updated. |
integration_installation_request category actions
| Action | Description |
|---|---|
integration_installation_request.create | An member requested that an owner install an integration for use in an enterprise or organization. |
integration_installation_request.close | A request to install an integration for use in an enterprise or organization was either approved or denied by an owner, or canceled by the member who opened the request. |
ip_allow_list category actions
| Action | Description |
|---|---|
ip_allow_list.enable | An IP allow list was enabled. |
ip_allow_list.enable_for_installed_apps | An IP allow list was enabled for installed GitHub Apps. |
ip_allow_list.disable | An IP allow list was disabled. |
ip_allow_list.disable_for_installed_apps | An IP allow list was disabled for installed GitHub Apps. |
ip_allow_list_entry category actions
| Action | Description |
|---|---|
ip_allow_list_entry.create | An IP address was added to an IP allow list. |
ip_allow_list_entry.update | An IP address or its description was changed. |
ip_allow_list_entry.destroy | An IP address was deleted from an IP allow list. |
issue category actions
| Action | Description |
|---|---|
issue.destroy | An issue was deleted from the repository. For more information, see "Deleting an issue." |
issue.pinned | An issue was pinned to a repository. For more information, see "Pinning an issue to your repository." |
issue.transfer | An issue was transferred to another repository. For more information, see "Transferring an issue to another repository." |
issue.unpinned | An issue was unpinned from a repository. For more information, see "Pinning an issue to your repository." |
issue_comment category actions
| Action | Description |
|---|---|
issue_comment.destroy | A comment on an issue was deleted from the repository. |
issue_comment.pinned | A comment on an issue was pinned to a repository. |
issue_comment.unpinned | A comment on an issue was unpinned from a repository. |
issue_comment.update | A comment on an issue (other than the initial one) changed. |
issues category actions
| Action | Description |
|---|---|
issues.deletes_disabled | The ability for enterprise members to delete issues was disabled. Members cannot delete issues in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
issues.deletes_enabled | The ability for enterprise members to delete issues was enabled. Members can delete issues in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
issues.deletes_policy_cleared | An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
marketplace_agreement_signature category actions
| Action | Description |
|---|---|
marketplace_agreement_signature.create | A user signed the GitHub Marketplace Developer Agreement on behalf of an organization. |
marketplace_listing category actions
| Action | Description |
|---|---|
marketplace_listing.approve | A listing was approved for inclusion in GitHub Marketplace. |
marketplace_listing.change_category | A category for a listing for an app in GitHub Marketplace was changed. |
marketplace_listing.create | A listing for an app in GitHub Marketplace was created. |
marketplace_listing.delist | A listing was removed from GitHub Marketplace. |
marketplace_listing.redraft | A listing was sent back to draft state. |
marketplace_listing.reject | A listing was not accepted for inclusion in GitHub Marketplace. |
members_can_create_pages category actions
| Action | Description |
|---|---|
members_can_create_pages.disable | The ability for members to publish GitHub Pages was disabled. Members cannot publish GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_pages.enable | The ability for members to publish GitHub Pages was enabled. Members can publish GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_private_pages category actions
| Action | Description |
|---|---|
members_can_create_private_pages.disable | The ability for members to publish private GitHub Pages was disabled. Members cannot publish private GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_private_pages.enable | The ability for members to publish private GitHub Pages was enabled. Members can publish private GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_public_pages category actions
| Action | Description |
|---|---|
members_can_create_public_pages.disable | The ability for members to publish public GitHub Pages was disabled. Members cannot publish public GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_public_pages.enable | The ability for members to publish public GitHub Pages was enabled. Members can publish public GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_delete_repos category actions
| Action | Description |
|---|---|
members_can_delete_repos.clear | An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
members_can_delete_repos.disable | The ability for enterprise members to delete repositories was disabled. Members cannot delete or transfer repositories in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
members_can_delete_repos.enable | The ability for enterprise members to delete repositories was enabled. Members can delete or transfer repositories in any organizations in an enterprise. For more information, see "Enforcing repository management policies in your enterprise." |
members_can_view_dependency_insights category actions
| Action | Description |
|---|---|
members_can_view_dependency_insights.clear | An enterprise owner cleared the policy setting for viewing dependency insights in any organizations in an enterprise. For more information, see "Enforcing policies for dependency insights in your enterprise." |
members_can_view_dependency_insights.disable | The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise. For more information, see "Enforcing policies for dependency insights in your enterprise." |
members_can_view_dependency_insights.enable | The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise. For more information, see "Enforcing policies for dependency insights in your enterprise." |
migration category actions
| Action | Description |
|---|---|
migration.create | A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance. |
migration.destroy_file | A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted. |
migration.download | A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded. |
oauth_access category actions
| Action | Description |
|---|---|
oauth_access.create | An OAuth access token was generated for a user account. For more information, see "Creating a personal access token." |
oauth_access.destroy | An OAuth access token was deleted from a user account. |
oauth_application category actions
| Action | Description |
|---|---|
oauth_application.create | An OAuth application was created for a user or organization account. |
oauth_application.destroy | An OAuth application was deleted from a user or organization account. |
oauth_application.generate_client_secret | An OAuth application's secret key was generated. |
oauth_application.remove_client_secret | An OAuth application's secret key was deleted. |
oauth_application.reset_secret | An OAuth application's secret key was reset. |
oauth_application.revoke_all_tokens | All user tokens for an OAuth application were requested to be revoked. |
oauth_application.revoke_tokens | Token(s) for an OAuth application were revoked. |
oauth_application.transfer | An OAuth application was transferred from one user or organization account to another. |
oauth_authorization category actions
| Action | Description |
|---|---|
oauth_authorization.create | An authorization for an OAuth application was created. For more information, see "Authorizing OAuth Apps." |
oauth_authorization.destroy | An authorization for an OAuth application was deleted. For more information, see "Authorizing OAuth Apps." |
oauth_authorization.update | An authorization for an OAuth application was updated. For more information, see "Authorizing OAuth Apps." |
org category actions
| Action | Description |
|---|---|
org.accept_business_invitation | An invitation sent to an organization to join an enterprise was accepted. For more information, see "Adding organizations to your enterprise." |
org.add_billing_manager | A billing manager was added to an organization. For more information, see "Adding a billing manager to your organization." |
org.add_member | A user joined an organization. |
org.advanced_security_disabled_for_new_repos | GitHub Advanced Security was disabled for new repositories in an organization. |
org.advanced_security_disabled_on_all_repos | GitHub Advanced Security was disabled for all repositories in an organization. |
org.advanced_security_enabled_for_new_repos | GitHub Advanced Security was enabled for new repositories in an organization. |
org.advanced_security_enabled_on_all_repos | GitHub Advanced Security was enabled for all repositories in an organization. |
org.advanced_security_policy_selected_member_disabled | An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization. For more information, see "Enforcing policies for Advanced Security in your enterprise." |
org.advanced_security_policy_selected_member_enabled | An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization. For more information, see "Enforcing policies for Advanced Security in your enterprise." |
org.advanced_security_policy_update | An organization owner updated polices for GitHub Advanced Security in an enterprise. For more information, see "Enforcing policies for Advanced Security in your enterprise." |
org.async_delete | A user initiated a background job to delete an organization. |
org.audit_log_export | An organization owner created an export of the organization audit log. If the export included a query, the log will list the query used and the number of audit log entries matching that query. For more information, see "Exporting audit log activity for your enterprise." |
org.block_user | An organization owner blocked a user from accessing the organization's repositories. For more information, see "Blocking a user from your organization." |
org.cancel_business_invitation | An invitation for an organization to join an enterprise was revoked. For more information, see "Adding organizations to your enterprise." |
org.cancel_invitation | An invitation sent to a user to join an organization was revoked. |
org.clear_actions_settings | An organization owner cleared GitHub Actions policy settings for an organization. For more information, see "Disabling or limiting GitHub Actions for your organization." |
org.clear_default_repository_permission | An organization owner cleared the base repository permission policy setting for an organization. For more information, see "Setting base permissions for an organization." |
org.clear_member_team_creation_permission | An organization owner cleared the new teams creation setting for an organization. For more information, see "Setting team creation permissions in your organization." |
org.clear_reader_discussion_creation_permission | An organization owner cleared the new discussion creation setting for an organization. For more information, see "Managing discussion creation for repositories in your organization." |
org.clear_members_can_create_repos | An organization owner cleared a restriction on repository creation in an organization. For more information, see "Restricting repository creation in your organization." |
org.clear_members_can_invite_outside_collaborators | An organization owner cleared the outside collaborators invitation policy for an organization. For more information, see "Setting permissions for adding outside collaborators." |
org.clear_new_repository_default_branch_setting | An organization owner cleared the default branch name for new repositories setting for an organization. For more information, see "Managing the default branch name for repositories in your organization." |
org.codespaces_trusted_repo_access_granted | GitHub Codespaces was granted trusted repository access to all other repositories in an organization. For more information, see "Managing repository access for your organization's codespaces." |
org.codespaces_trusted_repo_access_revoked | GitHub Codespaces trusted repository access to all other repositories in an organization was revoked. For more information, see "Managing repository access for your organization's codespaces." |
org.config.disable_collaborators_only | The interaction limit for collaborators only for an organization was disabled. For more information, see "Limiting interactions in your organization." |
org.config.disable_contributors_only | The interaction limit for prior contributors only for an organization was disabled. For more information, see "Limiting interactions in your organization." |
org.config.disable_sockpuppet_disallowed | The interaction limit for existing users only for an organization was disabled. For more information, see "Limiting interactions in your organization." |
org.config.enable_collaborators_only | The interaction limit for collaborators only for an organization was enabled. For more information, see "Limiting interactions in your organization." |
org.config.enable_contributors_only | The interaction limit for prior contributors only for an organization was enabled. For more information, see "Limiting interactions in your organization." |
org.config.enable_sockpuppet_disallowed | The interaction limit for existing users only for an organization was enabled. For more information, see "Limiting interactions in your organization." |
org.confirm_business_invitation | An invitation for an organization to join an enterprise was confirmed. For more information, see "Adding organizations to your enterprise." |
org.create | An organization was created. For more information, see "Creating a new organization from scratch." |
org.create_actions_secret | A GitHub Actions secret was created for an organization. For more information, see "Encrypted secrets." |
org.create_integration_secret | A Dependabot or GitHub Codespaces integration secret was created for an organization. |
org.delete | An organization was deleted by a user-initiated background job. |
org.disable_member_team_creation_permission | An organization owner limited team creation to owners. For more information, see "Setting team creation permissions in your organization." |
org.disable_reader_discussion_creation_permission | An organization owner limited discussion creation to users with at least triage permission in an organization. For more information, see "Managing discussion creation for repositories in your organization." |
org.disable_oauth_app_restrictions | Third-party application access restrictions for an organization were disabled. For more information, see "Disabling OAuth App access restrictions for your organization." |
org.disable_saml | An organization owner disabled SAML single sign-on for an organization. |
org.disable_two_factor_requirement | An organization owner disabled a two-factor authentication requirement for all members, billing managers, and outside collaborators in an organization. |
org.display_commenter_full_name_disabled | An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name. |
org.display_commenter_full_name_enabled | An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name. |
org.enable_member_team_creation_permission | An organization owner allowed members to create teams. For more information, see "Setting team creation permissions in your organization." |
org.enable_reader_discussion_creation_permission | An organization owner allowed users with read access to create discussions in an organization. For more information, see "Managing discussion creation for repositories in your organization." |
org.enable_oauth_app_restrictions | Third-party application access restrictions for an organization were enabled. For more information, see "Enabling OAuth App access restrictions for your organization." |
org.enable_saml | An organization owner enabled SAML single sign-on for an organization. |
org.enable_two_factor_requirement | An organization owner requires two-factor authentication for all members, billing managers, and outside collaborators in an organization. |
org.integration_manager_added | An organization owner granted a member access to manage all GitHub Apps owned by an organization. |
org.integration_manager_removed | An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member. |
org.invite_member | A new user was invited to join an organization. For more information, see "Inviting users to join your organization." |
org.invite_to_business | An organization was invited to join an enterprise. |
org.members_can_update_protected_branches.clear | An organization owner unset a policy for whether members of an organization can update protected branches on repositories in an organization. Organization administrators can choose whether to allow updating protected branches settings. |
org.members_can_update_protected_branches.disable | The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches. |
org.members_can_update_protected_branches.enable | The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches. |
org.oauth_app_access_approved | An owner granted organization access to an OAuth App. |
org.oauth_app_access_denied | An owner disabled a previously approved OAuth App's access to an organization. |
org.oauth_app_access_requested | An organization member requested that an owner grant an OAuth App access to an organization. |
org.recreate | An organization was restored. |
org.register_self_hosted_runner | A new self-hosted runner was registered. For more information, see "Adding self-hosted runners." |
org.remove_actions_secret | A GitHub Actions secret was removed. |
org.remove_integration_secret | A Dependabot or GitHub Codespaces integration secret was removed from an organization. |
org.remove_billing_manager | An owner removed a billing manager from an organization. For more information, see "Removing a billing manager from your organization" or when two-factor authentication was required in an organization and a billing manager didn't use 2FA or disabled 2FA. |
org.remove_member | An owner removed a member from an organization or when two-factor authentication was required in an organization and an organization member doesn't use 2FA or disabled 2FA. Also an organization member removed themselves from an organization. |
org.remove_outside_collaborator | An owner removed an outside collaborator from an organization or when two-factor authentication was required in an organization and an outside collaborator didn't use 2FA or disabled 2FA. |
org.remove_self_hosted_runner | A self-hosted runner was removed. For more information, see "Removing self-hosted runners." |
org.rename | An organization was renamed. |
org.restore_member | An organization member was restored. For more information, see "Reinstating a former member of your organization." |
org.revoke_external_identity | An organization owner revoked a member's linked identity. For more information, see "Viewing and managing a member's SAML access to your organization." |
org.revoke_sso_session | An organization owner revoked a member's SAML session. For more information, see "Viewing and managing a member's SAML access to your organization." |
org.runner_group_created | A self-hosted runner group was created. For more information, see "Managing access to self-hosted runners using groups." |
org.runner_group_removed | A self-hosted runner group was removed. For more information, see "Managing access to self-hosted runners using groups." |
org.runner_group_renamed | A self-hosted runner group was renamed. For more information, see "Managing access to self-hosted runners using groups." |
org.runner_group_updated | The configuration of a self-hosted runner group was changed. For more information, see "Managing access to self-hosted runners using groups." |
org.runner_group_runner_removed | The REST API was used to remove a self-hosted runner from a group. For more information, see "Actions." |
org.runner_group_runners_added | A self-hosted runner was added to a group. For more information, see Moving a self-hosted runner to a group. |
org.runner_group_runners_updated | A runner group's list of members was updated. For more information, see "Actions." |
org.runner_group_visiblity_updated | The visibility of a self-hosted runner group was updated via the REST API. For more information, see "Actions." |
org.secret_scanning_custom_pattern_push_protection_disabled | Push protection for a custom pattern for secret scanning was disabled for your organization. For more information, see "Defining custom patterns for secret scanning." |
org.secret_scanning_custom_pattern_push_protection_enabled | Push protection for a custom pattern for secret scanning was enabled for your organization. For more information, see "Defining custom patterns for secret scanning." |
org.secret_scanning_push_protection_custom_message_disabled | The custom message triggered by an attempted push to a push-protected repository was disabled for your organization. For more information, see "Protecting pushes with secret scanning." |
org.secret_scanning_push_protection_custom_message_enabled | The custom message triggered by an attempted push to a push-protected repository was enabled for your organization. For more information, see "Protecting pushes with secret scanning." |
org.secret_scanning_push_protection_custom_message_updated | The custom message triggered by an attempted push to a push-protected repository was updated for your organization. For more information, see "Protecting pushes with secret scanning." |
org.secret_scanning_push_protection_disable | An organization owner or administrator disabled push protection for secret scanning. For more information, see "Protecting pushes with secret scanning." |
org.secret_scanning_push_protection_enable | An organization owner or administrator enabled push protection for secret scanning. |
org.self_hosted_runner_online | The runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
org.self_hosted_runner_offline | The runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
org.self_hosted_runner_updated | The runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners." |
org.set_actions_fork_pr_approvals_policy | The setting for requiring approvals for workflows from public forks was changed for an organization. For more information, see "Disabling or limiting GitHub Actions for your organization." |
org.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs in an organization was changed. For more information, see "Configuring the retention period for GitHub Actions artifacts and logs in your organization." |
org.set_fork_pr_workflows_policy | The policy for workflows on private repository forks was changed. For more information, see "Disabling or limiting GitHub Actions for your organization." |
org.sso_response | A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is only available via audit log streaming and the REST API. |
org.transfer | An organization was transferred between enterprise accounts. For more information, see "Adding organizations to your enterprise." |
org.transform | A user account was converted into an organization. For more information, see "Converting a user into an organization." |
org.unblock_user | An organization owner unblocked a user from an organization. For more information, see "Unblocking a user from your organization." |
org.update_actions_secret | A GitHub Actions secret was updated. |
org.update_integration_secret | A Dependabot or GitHub Codespaces integration secret was updated for an organization. |
org.update_default_repository_permission | An organization owner changed the default repository permission level for organization members. |
org.update_member | An organization owner changed a person's role from owner to member or member to owner. |
org.update_member_repository_creation_permission | An organization owner changed the create repository permission for organization members. |
org.update_member_repository_invitation_permission | An organization owner changed the policy setting for organization members inviting outside collaborators to repositories. For more information, see "Setting permissions for adding outside collaborators." |
org.update_new_repository_default_branch_setting | An organization owner changed the name of the default branch for new repositories in the organization. For more information, see "Managing the default branch name for repositories in your organization." |
org.update_saml_provider_settings | An organization's SAML provider settings were updated. |
org.update_terms_of_service | An organization changed between the Standard Terms of Service and the Corporate Terms of Service. For more information, see "Upgrading to the Corporate Terms of Service." |
org_credential_authorization category actions
| Action | Description |
|---|---|
org_credential_authorization.deauthorized | A member deauthorized credentials for use with SAML single sign-on. For more information, see "Authenticating with SAML single sign-on." |
org_credential_authorization.grant | A member authorized credentials for use with SAML single sign-on. For more information, see "Authenticating with SAML single sign-on." |
org_credential_authorization.revoke | An owner revoked authorized credentials. For more information, see "Viewing and managing a member's SAML access to your organization." |
org_secret_scanning_custom_pattern category actions
| Action | Description |
|---|---|
org_secret_scanning_custom_pattern.create | A custom pattern is published for secret scanning in an organization. For more information, see "Defining custom patterns for secret scanning." |
org_secret_scanning_custom_pattern.delete | A custom pattern is removed from secret scanning in an organization. For more information, see "Defining custom patterns for secret scanning." |
org_secret_scanning_custom_pattern.update | Changes to a custom pattern are saved for secret scanning in an organization. For more information, see "Defining custom patterns for secret scanning." |
organization_default_label category actions
| Action | Description |
|---|---|
organization_default_label.create | A default label for repositories in an organization was created. For more information, see "Managing default labels for repositories in your organization." |
organization_default_label.update | A default label for repositories in an organization was edited. For more information, see "Managing default labels for repositories in your organization." |
organization_default_label.destroy | A default label for repositories in an organization was deleted. For more information, see "Managing default labels for repositories in your organization." |
organization_domain category actions
| Action | Description |
|---|---|
organization_domain.approve | An enterprise domain was approved for an organization. For more information, see "Verifying or approving a domain for your organization." |
organization_domain.create | An enterprise domain was added to an organization. For more information, see "Verifying or approving a domain for your organization." |
organization_domain.destroy | An enterprise domain was removed from an organization. For more information, see "Verifying or approving a domain for your organization." |
organization_domain.verify | An enterprise domain was verified for an organization. For more information, see "Verifying or approving a domain for your organization." |
organization_projects_change category actions
| Action | Description |
|---|---|
organization_projects_change.clear | An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise. For more information, see "Enforcing policies for projects in your enterprise." |
organization_projects_change.disable | Organization projects were disabled for all organizations in an enterprise. For more information, see "Enforcing policies for projects in your enterprise." |
organization_projects_change.enable | Organization projects were enabled for all organizations in an enterprise. For more information, see "Enforcing policies for projects in your enterprise." |
packages category actions
| Action | Description |
|---|---|
packages.insecure_hash | Maven published an insecure hash for a specific package version. |
packages.package_deleted | A package was deleted from an organization. For more information, see "Deleting and restoring a package." |
packages.package_published | A package was published or republished to an organization. |
packages.package_restored | An entire package was restored. For more information, see "Deleting and restoring a package." |
packages.package_version_deleted | A specific package version was deleted. For more information, see "Deleting and restoring a package." |
packages.package_version_published | A specific package version was published or republished to a package. |
packages.package_version_restored | A specific package version was deleted. For more information, see "Deleting and restoring a package." |
packages.part_upload | A specific package version was partially uploaded to an organization. |
packages.upstream_package_fetched | A specific package version was fetched from the npm upstream proxy. |
packages.version_download | A specific package version was downloaded. |
packages.version_upload | A specific package version was uploaded. |
pages_protected_domain category actions
| Action | Description |
|---|---|
pages_protected_domain.create | A GitHub Pages verified domain was created for an organization or enterprise. For more information, see "Verifying your custom domain for GitHub Pages." |
pages_protected_domain.delete | A GitHub Pages verified domain was deleted from an organization or enterprise. For more information, see "Verifying your custom domain for GitHub Pages." |
pages_protected_domain.verify | A GitHub Pages domain was verified for an organization or enterprise. For more information, see "Verifying your custom domain for GitHub Pages." |
payment_method category actions
| Action | Description |
|---|---|
payment_method.create | A new payment method was added, such as a new credit card or PayPal account. |
payment_method.remove | A payment method was removed. |
payment_method.update | An existing payment method was updated. |
prebuild_configuration category actions
| Action | Description |
|---|---|
prebuild_configuration.create | A GitHub Codespaces prebuild configuration for a repository was created. For more information, see "About GitHub Codespaces prebuilds." |
prebuild_configuration.destroy | A GitHub Codespaces prebuild configuration for a repository was deleted. For more information, see "About GitHub Codespaces prebuilds." |
prebuild_configuration.run_triggered | A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch. For more information, see "About GitHub Codespaces prebuilds." |
prebuild_configuration.update | A GitHub Codespaces prebuild configuration for a repository was edited. For more information, see "About GitHub Codespaces prebuilds." |
private_repository_forking category actions
| Action | Description |
|---|---|
private_repository_forking.clear | An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing repository management policies in your enterprise." |
private_repository_forking.disable | An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing repository management policies in your enterprise." |
private_repository_forking.enable | An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing repository management policies in your enterprise." |
profile_picture category actions
| Action | Description |
|---|---|
profile_picture.update | A profile picture was updated. |
project category actions
| Action | Description |
|---|---|
project.access | A project board visibility was changed. For more information, see "Changing project (classic) visibility." |
project.close | A project board was closed. For more information, see "Closing a project (classic)." |
project.create | A project board was created. For more information, see "Creating a project (classic)." |
project.delete | A project board was deleted. For more information, see "Deleting a project (classic)." |
project.link | A repository was linked to a project board. For more information, see "Linking a repository to a project (classic)." |
project.open | A project board was reopened. For more information, see "Reopening a closed project (classic)." |
project.rename | A project board was renamed. For more information, see "Editing a project (classic)." |
project.unlink | A repository was unlinked from a project board. For more information, see "Linking a repository to a project (classic)." |
project.update_org_permission | The project's base-level permission for all organization members was changed or removed. For more information, see "Managing access to a project (classic) for organization members." |
project.update_team_permission | A team's project board permission level was changed or when a team was added or removed from a project board. For more information, see "Managing team access to an organization project (classic)." |
project.update_user_permission | An organization member or outside collaborator was added to or removed from a project board or had their permission level changed. For more information, see "Managing an individual’s access to an organization project (classic)." |
project_field category actions
| Action | Description |
|---|---|
project_field.create | A field was created in a project board. For more information, see "Understanding fields." |
project_field.delete | A field was deleted in a project board. For more information, see "Deleting custom fields." |
project_view category actions
| Action | Description |
|---|---|
project_view.create | A view was created in a project board. For more information, see "Managing your views." |
project_view.delete | A view was deleted in a project board. For more information, see "Managing your views." |
protected_branch category actions
| Action | Description |
|---|---|
protected_branch.create | Branch protection was enabled on a branch. |
protected_branch.destroy | Branch protection was disabled on a branch. |
protected_branch.dismiss_stale_reviews | Enforcement of dismissing stale pull requests was updated on a branch. |
protected_branch.policy_override | A branch protection requirement was overridden by a repository administrator. |
protected_branch.rejected_ref_update | A branch update attempt was rejected. |
protected_branch.required_status_override | The required status checks branch protection requirement was overridden by a repository administrator. |
protected_branch.review_policy_and_required_status_override | The required reviews and required status checks branch protection requirements were overridden by a repository administrator. |
protected_branch.review_policy_override | The required reviews branch protection requirement was overridden by a repository administrator. |
protected_branch.update_admin_enforced | Branch protection was enforced for repository administrators. |
protected_branch.update_pull_request_reviews_enforcement_level | Enforcement of required pull request reviews was updated on a branch. Can be one of 0(deactivated), 1(non-admins), 2(everyone). |
protected_branch.update_require_code_owner_review | Enforcement of required code owner review was updated on a branch. |
protected_branch.update_required_approving_review_count | Enforcement of the required number of approvals before merging was updated on a branch. |
protected_branch.update_required_status_checks_enforcement_level | Enforcement of required status checks was updated on a branch. |
protected_branch.update_signature_requirement_enforcement_level | Enforcement of required commit signing was updated on a branch. |
protected_branch.update_strict_required_status_checks_policy | Enforcement of required status checks was updated on a branch. |
protected_branch.update_name | A branch name pattern was updated for a branch. |
public_key category actions
| Action | Description |
|---|---|
public_key.create | An SSH key was added to a user account or a deploy key was added to a repository. |
public_key.delete | An SSH key was removed from a user account or a deploy key was removed from a repository. |
public_key.update | A user account's SSH key or a repository's deploy key was updated. |
public_key.unverification_failure | A user account's SSH key or a repository's deploy key was unable to be unverified. |
public_key.unverify | A user account's SSH key or a repository's deploy key was unverified. |
public_key.verification_failure | A user account's SSH key or a repository's deploy key was unable to be verified. |
public_key.verify | A user account's SSH key or a repository's deploy key was verified. |
pull_request category actions
| Action | Description |
|---|---|
pull_request.close | A pull request was closed without being merged. For more information, see "Closing a pull request." |
pull_request.converted_to_draft | A pull request was converted to a draft. For more information, see "Changing the stage of a pull request." |
pull_request.create | A pull request was created. For more information, see "Creating a pull request." |
pull_request.create_review_request | A review was requested on a pull request. For more information, see "About pull request reviews." |
pull_request.in_progress | A pull request was marked as in progress. |
pull_request.indirect_merge | A pull request was considered merged because the pull request's commits were merged into the target branch. |
pull_request.merge | A pull request was merged. For more information, see "Merging a pull request." |
pull_request.ready_for_review | A pull request was marked as ready for review. For more information, see "Changing the stage of a pull request." |
pull_request.remove_review_request | A review request was removed from a pull request. For more information, see "About pull request reviews." |
pull_request.reopen | A pull request was reopened after previously being closed. |
pull_request_review.delete | A review on a pull request was deleted. |
pull_request_review.dismiss | A review on a pull request was dismissed. For more information, see "Dismissing a pull request review." |
pull_request_review.submit | A review was submitted for a pull request. For more information, see "About pull request reviews." |
pull_request_review category actions
| Action | Description |
|---|---|
pull_request_review.delete | A review on a pull request was deleted. |
pull_request_review.dismiss | A review on a pull request was dismissed. For more information, see "Dismissing a pull request review." |
pull_request_review.submit | A review on a pull request was submitted. For more information, see "Reviewing proposed changes in a pull request." |
pull_request_review_comment category actions
| Action | Description |
|---|---|
pull_request_review_comment.create | A review comment was added to a pull request. For more information, see "About pull request reviews." |
pull_request_review_comment.delete | A review comment on a pull request was deleted. |
pull_request_review_comment.update | A review comment on a pull request was changed. |
repo category actions
| Action | Description |
|---|---|
repo.access | The visibility of a repository changed to private or internal. |
repo.actions_enabled | GitHub Actions was enabled for a repository. |
repo.add_member | A collaborator was added to a repository. |
repo.add_topic | A topic was added to a repository. |
repo.advanced_security_disabled | GitHub Advanced Security was disabled for a repository. |
repo.advanced_security_enabled | GitHub Advanced Security was enabled for a repository. |
repo.advanced_security_policy_selected_member_disabled | A repository administrator prevented GitHub Advanced Security features from being enabled for a repository. |
repo.advanced_security_policy_selected_member_enabled | A repository administrator allowed GitHub Advanced Security features to be enabled for a repository. |
repo.archived | A repository was archived. For more information, see "Archiving a GitHub repository." |
repo.change_merge_setting | Pull request merge options were changed for a repository. |
repo.clear_actions_settings | A repository administrator cleared GitHub Actions policy settings for a repository. |
repo.code_scanning_analysis_deleted | Code scanning analysis for a repository was deleted. For more information, see "Code Scanning." |
repo.code_scanning_configuration_for_branch_deleted | A code scanning configuration for a branch of a repository was deleted. For more information, see "Managing code scanning alerts for your repository." |
repo.config | A repository administrator blocked force pushes. For more information, see "Enforcing repository management policies in your enterprise." |
repo.config.disable_collaborators_only | The interaction limit for collaborators only was disabled. For more information, see "Limiting interactions in your repository." |
repo.config.disable_contributors_only | The interaction limit for prior contributors only was disabled in a repository. For more information, see "Limiting interactions in your repository." |
repo.config.disable_sockpuppet_disallowed | The interaction limit for existing users only was disabled in a repository. For more information, see "Limiting interactions in your repository." |
repo.config.enable_collaborators_only | The interaction limit for collaborators only was enabled in a repository. Users that are not collaborators or organization members were unable to interact with a repository for a set duration. For more information, see "Limiting interactions in your repository." |
repo.config.enable_contributors_only | The interaction limit for prior contributors only was enabled in a repository. Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration. For more information, see "Limiting interactions in your repository." |
repo.config.enable_sockpuppet_disallowed | The interaction limit for existing users was enabled in a repository. New users aren't able to interact with a repository for a set duration. Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository. For more information, see "Limiting interactions in your repository." |
repo.create | A repository was created. |
repo.create_actions_secret | A GitHub Actions secret was created for a repository. For more information, see "Encrypted secrets." |
repo.create_integration_secret | A Dependabot or GitHub Codespaces integration secret was created for a repository. |
repo.destroy | A repository was deleted. |
repo.download_zip | A source code archive of a repository was downloaded as a ZIP file. For more information, see "Downloading source code archives." |
repo.pages_cname | A GitHub Pages custom domain was modified in a repository. |
repo.pages_create | A GitHub Pages site was created. |
repo.pages_destroy | A GitHub Pages site was deleted. |
repo.pages_https_redirect_disabled | HTTPS redirects were disabled for a GitHub Pages site. |
repo.pages_https_redirect_enabled | HTTPS redirects were enabled for a GitHub Pages site. |
repo.pages_source | A GitHub Pages source was modified. |
repo.pages_private | A GitHub Pages site visibility was changed to private. |
repo.pages_public | A GitHub Pages site visibility was changed to public. |
repo.register_self_hosted_runner | A new self-hosted runner was registered. For more information, see "Adding self-hosted runners." |
repo.remove_self_hosted_runner | A self-hosted runner was removed. For more information, see "Removing self-hosted runners." |
repo.remove_actions_secret | A GitHub Actions secret was deleted for a repository. |
repo.remove_integration_secret | A Dependabot or GitHub Codespaces integration secret was deleted for a repository. |
repo.remove_member | A collaborator was removed from a repository. |
repo.remove_topic | A topic was removed from a repository. |
repo.rename | A repository was renamed. |
repo.set_actions_fork_pr_approvals_policy | The setting for requiring approvals for workflows from public forks was changed for a repository. For more information, see "Managing GitHub Actions settings for a repository." |
repo.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs in a repository was changed. For more information, see "Managing GitHub Actions settings for a repository." |
repo.self_hosted_runner_online | The runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
repo.self_hosted_runner_offline | The runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Monitoring and troubleshooting self-hosted runners." |
repo.self_hosted_runner_updated | The runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners." |
repo.staff_unlock | An enterprise administrator or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository. |
repo.transfer | A user accepted a request to receive a transferred repository. |
repo.transfer_outgoing | A repository was transferred to another repository network. |
repo.transfer_start | A user sent a request to transfer a repository to another user or organization. |
repo.unarchived | A repository was unarchived. For more information, see "Archiving a GitHub repository." |
repo.update_actions_settings | A repository administrator changed GitHub Actions policy settings for a repository. |
repo.update_actions_secret | A GitHub Actions secret was updated. |
repo.update_actions_access_settings | The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed. |
repo.update_default_branch | The default branch for a repository was changed. |
repo.update_integration_secret | A Dependabot or GitHub Codespaces integration secret was updated for a repository. |
repo.update_member | A user's permission to a repository was changed. |
repository_advisory category actions
| Action | Description |
|---|---|
repository_advisory.close | Someone closed a security advisory. For more information, see "About repository security advisories." |
repository_advisory.cve_request | Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory. |
repository_advisory.github_broadcast | GitHub made a security advisory public in the GitHub Advisory Database. |
repository_advisory.github_withdraw | GitHub withdrew a security advisory that was published in error. |
repository_advisory.open | Someone opened a draft security advisory. |
repository_advisory.publish | Someone publishes a security advisory. |
repository_advisory.reopen | Someone reopened as draft security advisory. |
repository_advisory.update | Someone edited a draft or published security advisory. |
repository_content_analysis category actions
| Action | Description |
|---|---|
repository_content_analysis.enable | An organization owner or repository administrator enabled data use settings for a private repository. |
repository_content_analysis.disable | An organization owner or repository administrator disabled data use settings for a private repository. |
repository_dependency_graph category actions
| Action | Description |
|---|---|
repository_dependency_graph.disable | A repository owner or administrator disabled the dependency graph for a private repository. For more information, see "About the dependency graph." |
repository_dependency_graph.enable | A repository owner or administrator enabled the dependency graph for a private repository. |
repository_image category actions
| Action | Description |
|---|---|
repository_image.create | An image to represent a repository was uploaded. |
repository_image.destroy | An image to represent a repository was deleted. |
repository_invitation category actions
| Action | Description |
|---|---|
repository_invitation.accept | An invitation to join a repository was accepted. |
repository_invitation.cancel | An invitation to join a repository was canceled. |
repository_invitation.create | An invitation to join a repository was sent. |
repository_invitation.reject | An invitation to join a repository was declined. |
repository_projects_change category actions
| Action | Description |
|---|---|
repository_projects_change.clear | The repository projects policy was removed for an organization, or all organizations in the enterprise. Organization admins can now control their repository projects settings. For more information, see "Enforcing policies for projects in your enterprise." |
repository_projects_change.disable | Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise. |
repository_projects_change.enable | Repository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise. |
repository_secret_scanning category actions
| Action | Description |
|---|---|
repository_secret_scanning.disable | A repository owner or administrator disabled secret scanning for a private or internal repository. For more information, see "About secret scanning." |
repository_secret_scanning.enable | A repository owner or administrator enabled secret scanning for a private or internal repository. |
repository_secret_scanning_custom_pattern category actions
| Action | Description |
|---|---|
repository_secret_scanning_custom_pattern.create | A custom pattern is published for secret scanning in a repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_custom_pattern.delete | A custom pattern is removed from secret scanning in a repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_custom_pattern.update | Changes to a custom pattern are saved for secret scanning in a repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_custom_pattern_push_protection category actions
| Action | Description |
|---|---|
repository_secret_scanning_custom_pattern_push_protection.enabled | Push protection for a custom pattern for secret scanning was enabled for your repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_custom_pattern_push_protection.disabled | Push protection for a custom pattern for secret scanning was disabled for your repository. For more information, see "Defining custom patterns for secret scanning." |
repository_secret_scanning_push_protection category actions
| Action | Description |
|---|---|
repository_secret_scanning_push_protection.disable | A repository owner or administrator disabled secret scanning for a repository. For more information, see "Protecting pushes with secret scanning." |
repository_secret_scanning_push_protection.enable | A repository owner or administrator enabled secret scanning for a repository. For more information, see "Protecting pushes with secret scanning." |
repository_visibility_change category actions
| Action | Description |
|---|---|
repository_visibility_change.clear | The repository visibility change setting was cleared for an organization or enterprise. For more information, see "Restricting repository visibility changes in your organization" and "Enforcing repository management policies in your enterprise for an enterprise." |
repository_visibility_change.disable | The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise. |
repository_visibility_change.enable | The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise. |
repository_vulnerability_alert category actions
| Action | Description |
|---|---|
repository_vulnerability_alert.create | GitHub Enterprise Cloud created a Dependabot alert for a repository that uses an insecure dependency. For more information, see "About Dependabot alerts." |
repository_vulnerability_alert.dismiss | An organization owner, repository administrator, or someone with write or maintain access to a repository dismissed a Dependabot alert about a vulnerable dependency or malware. |
repository_vulnerability_alert.resolve | Someone with write or maintain access to a repository pushed changes to update and resolve a Dependabot alert in a project dependency. |
repository_vulnerability_alerts category actions
| Action | Description |
|---|---|
repository_vulnerability_alerts.authorized_users_teams | An organization owner or repository administrator updated the list of people or teams authorized to receive Dependabot alerts for the repository. For more information, see "Managing security and analysis settings for your repository." |
repository_vulnerability_alerts.disable | A repository owner or repository administrator disabled Dependabot alerts. |
repository_vulnerability_alerts.enable | A repository owner or repository administrator enabled Dependabot alerts. |
required_status_check category actions
| Action | Description |
|---|---|
required_status_check.create | A status check was marked as required for a protected branch. For more information, see "About protected branches." |
required_status_check.destroy | A status check was no longer marked as required for a protected branch. For more information, see "About protected branches." |
restrict_notification_delivery category actions
| Action | Description |
|---|---|
restrict_notification_delivery.enable | Email notification restrictions for an organization or enterprise were enabled. For more information, see "Restricting email notifications for your organization" and "Restricting email notifications for your enterprise." |
restrict_notification_delivery.disable | Email notification restrictions for an organization or enterprise were disabled. For more information, see "Restricting email notifications for your organization" and "Restricting email notifications for your enterprise." |
role category actions
| Action | Description |
|---|---|
create | An organization owner created a new custom repository role. For more information, see "Managing custom repository roles for an organization." |
destroy | An organization owner deleted a custom repository role. For more information, see "Managing custom repository roles for an organization." |
update | An organization owner edited an existing custom repository role. For more information, see "Managing custom repository roles for an organization." |
secret_scanning category actions
| Action | Description |
|---|---|
secret_scanning.disable | An organization owner disabled secret scanning for all existing private or internal repositories. For more information, see "About secret scanning." |
secret_scanning.enable | An organization owner enabled secret scanning for all existing private or internal repositories. |
secret_scanning_alert category actions
| Action | Description |
|---|---|
secret_scanning_alert.create | GitHub detected a secret and created a secret scanning alert. For more information, see "Managing alerts from secret scanning." |
secret_scanning_alert.reopen | A user reopened a secret scanning alert. |
secret_scanning_alert.resolve | A user resolved a secret scanning alert. |
secret_scanning_new_repos category actions
| Action | Description |
|---|---|
secret_scanning_new_repos.disable | An organization owner disabled secret scanning for all new private or internal repositories. For more information, see "About secret scanning." |
secret_scanning_new_repos.enable | An organization owner enabled secret scanning for all new private or internal repositories. |
secret_scanning_push_protection category actions
| Action | Description |
|---|---|
bypass | Triggered when a user bypasses the push protection on a secret detected by secret scanning. For more information, see "Protecting pushes with secret scanning." |
security_key category actions
| Action | Description |
|---|---|
security_key.register | A security key was registered for an account. |
security_key.remove | A security key was removed from an account. |
sponsors category actions
| Action | Description |
|---|---|
sponsors.agreement_sign | A GitHub Sponsors agreement was signed on behalf of an organization. |
sponsors.custom_amount_settings_change | Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed. For more information, see "Managing your sponsorship tiers." |
sponsors.fiscal_host_change | The fiscal host for a GitHub Sponsors listing was updated. |
sponsors.withdraw_agreement_signature | A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization. |
sponsors.repo_funding_links_file_action | The FUNDING file in a repository was changed. For more information, see "Displaying a sponsor button in your repository." |
sponsors.sponsor_sponsorship_cancel | A sponsorship was canceled. For more information, see "Downgrading a sponsorship." |
sponsors.sponsor_sponsorship_create | A sponsorship was created, by sponsoring an account. For more information, see "Sponsoring an open source contributor." |
sponsors.sponsor_sponsorship_payment_complete | After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete. For more information, see "Sponsoring an open source contributor." |
sponsors.sponsor_sponsorship_preference_change | The option to receive email updates from a sponsored account was changed. For more information, see "Managing your sponsorship." |
sponsors.sponsor_sponsorship_tier_change | A sponsorship was upgraded or downgraded. For more information, see "Upgrading a sponsorship" and "Downgrading a sponsorship." |
sponsors.sponsored_developer_approve | A GitHub Sponsors account was approved. For more information, see "Setting up GitHub Sponsors for your organization." |
sponsors.sponsored_developer_create | A GitHub Sponsors account was created. For more information, see "Setting up GitHub Sponsors for your organization." |
sponsors.sponsored_developer_disable | A GitHub Sponsors account was disabled. |
sponsors.sponsored_developer_profile_update | You edit a sponsored organization profile. For more information, see "Editing your profile details for GitHub Sponsors." |
sponsors.sponsored_developer_redraft | A GitHub Sponsors account was returned to draft state from approved state. |
sponsors.sponsored_developer_request_approval | An application for GitHub Sponsors was submitted for approval. For more information, see "Setting up GitHub Sponsors for your organization." |
sponsors.sponsored_developer_tier_description_update | The description for a sponsorship tier was changed. For more information, see "Managing your sponsorship tiers." |
sponsors.update_tier_welcome_message | The welcome message for a GitHub Sponsors tier for an organization was updated. |
sponsors.update_tier_repository | A GitHub Sponsors tier changed access for a repository. |
ssh_certificate_authority category actions
| Action | Description |
|---|---|
ssh_certificate_authority.create | An SSH certificate authority for an organization or enterprise was created. For more information, see "Managing your organization's SSH certificate authorities" and "Enforcing policies for security settings in your enterprise." |
ssh_certificate_authority.destroy | An SSH certificate authority for an organization or enterprise was deleted. For more information, see "Managing your organization's SSH certificate authorities" and "Enforcing policies for security settings in your enterprise." |
ssh_certificate_requirement category actions
| Action | Description |
|---|---|
ssh_certificate_requirement.enable | The requirement for members to use SSH certificates to access an organization resources was enabled. For more information, see "Managing your organization's SSH certificate authorities" and "Enforcing policies for security settings in your enterprise." |
ssh_certificate_requirement.disable | The requirement for members to use SSH certificates to access an organization resources was disabled. For more information, see "Managing your organization's SSH certificate authorities" and "Enforcing policies for security settings in your enterprise." |
sso_redirect category actions
Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change.
| Action | Description |
|---|---|
sso_redirect.enable | Automatic redirects for users to single sign-on (SSO) was enabled. |
sso_redirect.disable | Automatic redirects for users to single sign-on (SSO) was disabled. |
For more information, see "Enforcing policies for security settings in your enterprise."
staff category actions
| Action | Description |
|---|---|
staff.disable_repo | An organization or repository administrator disabled access to a repository and all of its forks. |
staff.enable_repo | An organization or repository administrator re-enabled access to a repository and all of its forks. |
staff.repo_lock | An organization or repository administrator locked (temporarily gained full access to) a user's private repository. |
staff.repo_unlock | An organization or repository administrator unlocked (ended their temporary access to) a user's private repository. |
staff.set_domain_token_expiration | GitHub staff set the verification code expiry time for an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise." |
staff.unverify_domain | GitHub staff unverified an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise." |
staff.verify_domain | GitHub staff verified an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise." |
team category actions
| Action | Description |
|---|---|
team.add_member | A member of an organization was added to a team. For more information, see "Adding organization members to a team." |
team.add_repository | A team was given access and permissions to a repository. |
team.change_parent_team | A child team was created or a child team's parent was changed. For more information, see "Moving a team in your organization’s hierarchy." |
team.change_privacy | A team's privacy level was changed. For more information, see "Changing team visibility." |
team.create | A user account or repository was added to a team. |
team.delete | A user account or repository was removed from a team. |
team.destroy | A team was deleted. |
team.demote_maintainer | A user was demoted from a team maintainer to a team member. |
team.promote_maintainer | A user was promoted from a team member to a team maintainer. For more information, see "Assigning the team maintainer role to a team member." |
team.remove_member | A member of an organization was removed from a team. For more information, see "Removing organization members from a team." |
team.remove_repository | A repository was no longer under a team's control. |
team.rename | A team's name was changed. |
team.update_permission | A team's access was changed. |
team.update_repository_permission | A team's permission to a repository was changed. |
team_sync_tenant category actions
| Action | Description |
|---|---|
team_sync_tenant.disabled | Team synchronization with a tenant was disabled. For more information, see "Managing team synchronization for your organization" and "Managing team synchronization for organizations in your enterprise." |
team_sync_tenant.enabled | Team synchronization with a tenant was enabled. For more information, see "Managing team synchronization for your organization" and "Managing team synchronization for organizations in your enterprise." |
team_sync_tenant.update_okta_credentials | The Okta credentials for team synchronization with a tenant were changed. |
user_license category actions
| Action | Description |
|---|---|
user_license.create | A seat license for a user in an enterprise was created. |
user_license.destroy | A seat license for a user in an enterprise was deleted. |
user_license.update | A seat license type for a user in an enterprise was changed. |
workflows category actions
| Action | Description |
|---|---|
workflows.approve_workflow_job | A workflow job was approved. For more information, see "Reviewing deployments." |
workflows.cancel_workflow_run | A workflow run was cancelled. For more information, see "Canceling a workflow." |
workflows.delete_workflow_run | A workflow run was deleted. For more information, see "Deleting a workflow run." |
workflows.disable_workflow | A workflow was disabled. |
workflows.enable_workflow | A workflow was enabled, after previously being disabled by disable_workflow. |
workflows.reject_workflow_job | A workflow job was rejected. For more information, see "Reviewing deployments." |
workflows.rerun_workflow_run | A workflow run was re-run. For more information, see "Re-running workflows and jobs." |
workflows.completed_workflow_run | A workflow status changed to completed. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "Viewing workflow run history. |
workflows.created_workflow_run | A workflow run was created. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "Understanding GitHub Actions." |
workflows.prepared_workflow_job | A workflow job was started. Includes the list of secrets that were provided to the job. Can only be viewed using the REST API. It is not visible in the GitHub web interface or included in the JSON/CSV export. For more information, see "Events that trigger workflows." |