Skip to main content
설명서에 자주 업데이트를 게시하며 이 페이지의 번역이 계속 진행 중일 수 있습니다. 최신 정보는 영어 설명서를 참조하세요.

보안 로그 검토

개인 계정에 대한 보안 로그를 검토하여 자신이 수행한 작업과 다른 사용자가 수행한 작업을 더 잘 이해할 수 있습니다.

Accessing your security log

The security log lists all actions performed within the last 90 days.

  1. In the upper-right corner of any page, click your profile photo, then click Settings.

    Screenshot of GitHub's account menu showing options for users to view and edit their profile, content, and settings. The menu item "Settings" is outlined in dark orange.

  2. In the "Archives" section of the sidebar, click Security log.

Searching your security log

The name for each audit log entry is composed of the action object or category qualifier, followed by an operation type. For example, the repo.create entry refers to the create operation on the repo category.

Each audit log entry shows applicable information about an event, such as:

  • The enterprise or organization an action was performed in
  • The user (actor) who performed the action
  • The user affected by the action
  • Which repository an action was performed in
  • The action that was performed
  • Which country the action took place in
  • The date and time the action occurred
  • Optionally, the source IP address for the user (actor) who performed the action

Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as -, >, or <, match the same format as searching across GitHub Enterprise Cloud. For more information, see "About searching on GitHub."

Search based on operation

Use the operation qualifier to limit actions to specific types of operations. For example:

  • operation:access finds all events where a resource was accessed.
  • operation:authentication finds all events where an authentication event was performed.
  • operation:create finds all events where a resource was created.
  • operation:modify finds all events where an existing resource was modified.
  • operation:remove finds all events where an existing resource was removed.
  • operation:restore finds all events where an existing resource was restored.
  • operation:transfer finds all events where an existing resource was transferred.

Search based on repository

Use the repo qualifier to limit actions to a specific repository. For example:

  • repo:my-org/our-repo finds all events that occurred for the our-repo repository in the my-org organization.
  • repo:my-org/our-repo repo:my-org/another-repo finds all events that occurred for both the our-repo and another-repo repositories in the my-org organization.
  • -repo:my-org/not-this-repo excludes all events that occurred for the not-this-repo repository in the my-org organization.

Note that you must include the account name within the repo qualifier; searching for just repo:our-repo will not work.

Search based on the user

The actor qualifier can scope events based on who performed the action. For example:

  • actor:octocat finds all events performed by octocat.
  • actor:octocat actor:hubot finds all events performed by octocat or hubot.
  • -actor:hubot excludes all events performed by hubot.

Note that you can only use a GitHub Enterprise Cloud username, not an individual's real name.

Search based on the action performed

The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:

Category nameDescription
billingContains all activities related to your billing information.
codespacesContains all activities related to GitHub Codespaces. For more information, see "GitHub Codespaces overview."
marketplace_agreement_signatureContains all activities related to signing the GitHub Marketplace Developer Agreement.
marketplace_listingContains all activities related to listing apps in GitHub Marketplace.
oauth_accessContains all activities related to OAuth Apps you've connected with.
payment_methodContains all activities related to paying for your GitHub subscription.
personal_access_tokenContains activities related to fine-grained personal access tokens. For more information, see "Creating a personal access token."
profile_pictureContains all activities related to your profile picture.
projectContains all activities related to project boards.
public_keyContains all activities related to your public SSH keys.
repoContains all activities related to the repositories you own.
sponsorsContains all events related to GitHub Sponsors and sponsor buttons (see "About GitHub Sponsors" and "Displaying a sponsor button in your repository")
two_factor_authenticationContains all activities related to two-factor authentication.
userContains all activities related to your account.

Exporting your security log

You can export the log as JSON data or a comma-separated value (CSV) file.

Export button

To filter the results in your export, search by one or more of these supported qualifiers before using the Export drop-down menu.

QualifierExample value
actionteam.create
actoroctocat
usercodertocat
orgocto-org
repoocto-org/documentation
created2019-06-01

After you export the log, you'll see the following keys and values in the resulting file.

KeyExample value
actionteam.create
actoroctocat
usercodertocat
actor_location.country_codeUS
orgocto-org
repoocto-org/documentation
created_at1429548104000 (Timestamp shows the time since Epoch with milliseconds.)
data.emailoctocat@nowhere.com
data.hook_id245
data.events["issues", "issue_comment", "pull_request", "pull_request_review_comment"]
data.events_were["push", "pull_request", "issues"]
data.target_loginoctocat
data.old_userhubot
data.teamocto-org/engineering

Security log actions

An overview of some of the most common actions that are recorded as events in the security log.

billing category actions

ActionDescription
change_billing_typeTriggered when you change how you pay for GitHub.
change_emailTriggered when you change your email address.

codespaces category actions

ActionDescription
createTriggered when you create a codespace.
resumeTriggered when you resume a suspended codespace.
deleteTriggered when you delete a codespace.
manage_access_and_securityTriggered when you update the repositories a codespace has access to.
trusted_repositories_access_updateTriggered when you change your personal account's access and security setting for Codespaces.

marketplace_agreement_signature category actions

ActionDescription
createTriggered when you sign the GitHub Marketplace Developer Agreement.

marketplace_listing category actions

ActionDescription
approveTriggered when your listing is approved for inclusion in GitHub Marketplace.
createTriggered when you create a listing for your app in GitHub Marketplace.
delistTriggered when your listing is removed from GitHub Marketplace.
redraftTriggered when your listing is sent back to draft state.
rejectTriggered when your listing is not accepted for inclusion in GitHub Marketplace.

oauth_authorization category actions

ActionDescription
createTriggered when you grant access to an OAuth App.
destroyTriggered when you revoke an OAuth App's access to your account and when authorizations are revoked or expire.

payment_method category actions

ActionDescription
createTriggered when a new payment method is added, such as a new credit card or PayPal account.
updateTriggered when an existing payment method is updated.

personal_access_token category actions

ActionDescription
access_grantedTriggered when a fine-grained personal access token that you created is granted access to resources.
access_revokedTriggered when a fine-grained personal access token that you created is revoked. The token can still read public organization resources.
createTriggered when you create a fine-grained personal access token.
credential_regeneratedTriggered when you regenerate a fine-grained personal access token.
destroyTriggered when you delete a fine-grained personal access token.
request_cancelledTriggered when you cancel a pending request for your fine-grained personal access token to access organization resources.
request_createdTriggered when you create a fine-grained personal access token to access organization resources and the organization requires approval before a fine-grained personal access token can access organization resources.
request_deniedTriggered when your request for a fine-grained personal access token to access organization resources is denied. For more information, see "Managing requests for personal access tokens in your organization."

profile_picture category actions

ActionDescription
updateTriggered when you set or update your profile picture.

project category actions

ActionDescription
accessTriggered when a project board's visibility is changed.
createTriggered when a project board is created.
renameTriggered when a project board is renamed.
updateTriggered when a project board is updated.
deleteTriggered when a project board is deleted.
linkTriggered when a repository is linked to a project board.
unlinkTriggered when a repository is unlinked from a project board.
update_user_permissionTriggered when an outside collaborator is added to or removed from a project board or has their permission level changed.

public_key category actions

ActionDescription
createTriggered when you add a new public SSH key to your account on GitHub.com.
deleteTriggered when you remove a public SSH key to your account on GitHub.com.

repo category actions

ActionDescription
accessTriggered when you a repository you own is switched from "private" to "public" (or vice versa).
add_memberTriggered when a GitHub Enterprise Cloud user is invited to have collaboration access to a repository.
add_topicTriggered when a repository owner adds a topic to a repository.
archivedTriggered when a repository owner archives a repository.
createTriggered when a new repository is created.
destroyTriggered when a repository is deleted.
disableTriggered when a repository is disabled (e.g., for insufficient funds).
download_zipTriggered when a ZIP or TAR archive of a repository is downloaded.
enableTriggered when a repository is re-enabled.
remove_memberTriggered when a GitHub Enterprise Cloud user is removed from a repository as a collaborator.
remove_topicTriggered when a repository owner removes a topic from a repository.
renameTriggered when a repository is renamed.
staff_unlockTriggered when an enterprise owner or GitHub Support (with permission from a repository administrator) temporarily unlocked the repository. The visibility of the repository isn't changed.
transferTriggered when a repository is transferred.
transfer_startTriggered when a repository transfer is about to occur.
unarchivedTriggered when a repository owner unarchives a repository.

sponsors category actions

ActionDescription
custom_amount_settings_changeTriggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "Managing your sponsorship tiers")
repo_funding_links_file_actionTriggered when you change the FUNDING file in your repository (see "Displaying a sponsor button in your repository")
sponsor_sponsorship_cancelTriggered when you cancel a sponsorship (see "Downgrading a sponsorship")
sponsor_sponsorship_createTriggered when you sponsor an account (see "Sponsoring an open source contributor")
sponsor_sponsorship_payment_completeTriggered after you sponsor an account and your payment has been processed (see "Sponsoring an open source contributor")
sponsor_sponsorship_preference_changeTriggered when you change whether you receive email updates from a sponsored developer (see "Managing your sponsorship")
sponsor_sponsorship_tier_changeTriggered when you upgrade or downgrade your sponsorship (see "Upgrading a sponsorship" and "Downgrading a sponsorship")
sponsored_developer_approveTriggered when your GitHub Sponsors account is approved (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_createTriggered when your GitHub Sponsors account is created (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_disableTriggered when your GitHub Sponsors account is disabled
sponsored_developer_redraftTriggered when your GitHub Sponsors account is returned to draft state from approved state
sponsored_developer_profile_updateTriggered when you edit your sponsored developer profile (see "Editing your profile details for GitHub Sponsors")
sponsored_developer_request_approvalTriggered when you submit your application for GitHub Sponsors for approval (see "Setting up GitHub Sponsors for your personal account")
sponsored_developer_tier_description_updateTriggered when you change the description for a sponsorship tier (see "Managing your sponsorship tiers")
sponsored_developer_update_newsletter_sendTriggered when you send an email update to your sponsors (see "Contacting your sponsors")
waitlist_invite_sponsored_developerTriggered when you are invited to join GitHub Sponsors from the waitlist (see "Setting up GitHub Sponsors for your personal account")
waitlist_joinTriggered when you join the waitlist to become a sponsored developer (see "Setting up GitHub Sponsors for your personal account")

successor_invitation category actions

ActionDescription
acceptTriggered when you accept a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
cancelTriggered when you cancel a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
createTriggered when you create a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
declineTriggered when you decline a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")
revokeTriggered when you revoke a succession invitation (see "Maintaining ownership continuity of your personal account's repositories")

two_factor_authentication category actions

ActionDescription
enabledTriggered when two-factor authentication is enabled.
disabledTriggered when two-factor authentication is disabled.

user category actions

ActionDescription
add_emailTriggered when you add a new email address.
codespaces_trusted_repo_access_grantedTriggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.
codespaces_trusted_repo_access_revokedTriggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.
createTriggered when you create a new personal account.
change_passwordTriggered when you change your password.
forgot_passwordTriggered when you ask for a password reset.
hide_private_contributions_countTriggered when you hide private contributions on your profile.
loginTriggered when you log in to GitHub.com.
failed_loginTriggered when you failed to log in successfully.
remove_emailTriggered when you remove an email address.
renameTriggered when you rename your account.
report_contentTriggered when you report an issue or pull request, or a comment on an issue, pull request, or commit.
show_private_contributions_countTriggered when you publicize private contributions on your profile.
two_factor_requestedTriggered when GitHub Enterprise Cloud asks you for your two-factor authentication code.

user_status category actions

ActionDescription
updateTriggered when you set or change the status on your profile. For more information, see "Personalizing your profile."
destroyTriggered when you clear the status on your profile.