Note: This article contains the events that may appear in your organization's audit log. For the events that can appear in a user account's security log or the audit log for an enterprise, see "Security log events" and "Audit log events for your enterprise."
About audit log events for your organization
The name for each audit log entry is composed of a category of events, followed by an operation type. For example, the repo.create entry refers to the create operation on the repo category. The reference information in this article is grouped by categories.
checks
| 작업 | 설명 |
|---|---|
checks.auto_trigger_disabled | Automatic creation of check suites was disabled on a repository in the organization or enterprise. |
checks.auto_trigger_enabled | Automatic creation of check suites was enabled on a repository in the organization or enterprise. |
discussion_post
| 작업 | 설명 |
|---|---|
discussion_post.destroy | Triggered when a team discussion post is deleted. |
discussion_post.update | Triggered when a team discussion post is edited. |
discussion_post_reply
| 작업 | 설명 |
|---|---|
discussion_post_reply.destroy | Triggered when a reply to a team discussion post is deleted. |
discussion_post_reply.update | Triggered when a reply to a team discussion post is edited. |
git
| 작업 | 설명 |
|---|---|
git.clone | A repository was cloned. |
git.fetch | Changes were fetched from a repository. |
git.push | Changes were pushed to a repository. |
hook
| 작업 | 설명 |
|---|---|
hook.config_changed | A hook's configuration was changed. |
hook.create | A new hook was added. |
hook.destroy | A hook was deleted. |
hook.events_changed | A hook's configured events were changed. |
integration
| 작업 | 설명 |
|---|---|
integration.create | An integration was created. |
integration.destroy | An integration was deleted. |
integration.manager_added | A member of an enterprise or organization was added as an integration manager. |
integration.manager_removed | A member of an enterprise or organization was removed from being an integration manager. |
integration.transfer | Ownership of an integration was transferred to another user or organization. |
integration_installation
| 작업 | 설명 |
|---|---|
integration_installation.create | An integration was installed. |
integration_installation.destroy | An integration was uninstalled. |
integration_installation.repositories_added | Repositories were added to an integration. |
integration_installation.repositories_removed | Repositories were removed from an integration. |
integration_installation.version_updated | Permissions for an integration were updated. |
ip_allow_list
| 작업 | 설명 |
|---|---|
ip_allow_list.disable | An IP allow list was disabled. |
ip_allow_list.disable_for_installed_apps | An IP allow list was disabled for installed GitHub Apps. |
ip_allow_list.enable | An IP allow list was enabled. |
ip_allow_list.enable_for_installed_apps | An IP allow list was enabled for installed GitHub Apps. |
ip_allow_list_entry
| 작업 | 설명 |
|---|---|
ip_allow_list_entry.create | An IP address was added to an IP allow list. |
ip_allow_list_entry.destroy | An IP address was deleted from an IP allow list. |
ip_allow_list_entry.update | An IP address or its description was changed. |
oauth_application
| 작업 | 설명 |
|---|---|
oauth_application.create | An OAuth application was created. |
oauth_application.destroy | An OAuth application was deleted. |
oauth_application.reset_secret | The secret key for an OAuth application was reset. |
oauth_application.revoke_tokens | Token(s) for an OAuth application were revoked. |
oauth_application.transfer | An OAuth application was transferred from one account to another. |
org
| 작업 | 설명 |
|---|---|
org.accept_business_invitation | An invitation sent to an organization to join an enterprise was accepted. |
org.add_billing_manager | A billing manager was added to an organization. |
org.add_member | A user joined an organization. |
org.advanced_security_disabled_for_new_repos | GitHub Advanced Security was disabled for new repositories in an organization. |
org.advanced_security_disabled_on_all_repos | GitHub Advanced Security was disabled for all repositories in an organization. |
org.advanced_security_enabled_for_new_repos | GitHub Advanced Security was enabled for new repositories in an organization. |
org.advanced_security_enabled_on_all_repos | GitHub Advanced Security was enabled for all repositories in an organization. |
org.advanced_security_policy_selected_member_disabled | An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization. |
org.advanced_security_policy_selected_member_enabled | An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization. |
org.audit_log_export | An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query. |
org.block_user | An organization owner blocked a user from accessing the organization's repositories. |
org.cancel_business_invitation | An invitation for an organization to join an enterprise was revoked |
org.cancel_invitation | An invitation sent to a user to join an organization was revoked. |
org.codeql_disabled | Triggered when an organization owner or person with admin access to the organization disables code scanning for repositories that use the default setup for CodeQL. |
org.codeql_enabled | Triggered when an organization owner or person with admin access to the organization enables code scanning for repositories that are eligible to use the default setup for CodeQL. |
org.config.disable_collaborators_only | The interaction limit for collaborators only for an organization was disabled. |
org.config.disable_contributors_only | The interaction limit for prior contributors only for an organization was disabled. |
org.config.disable_sockpuppet_disallowed | The interaction limit for existing users only for an organization was disabled. |
org.config.enable_collaborators_only | The interaction limit for collaborators only for an organization was enabled. |
org.config.enable_contributors_only | The interaction limit for prior contributors only for an organization was enabled. |
org.config.enable_sockpuppet_disallowed | The interaction limit for existing users only for an organization was enabled. |
org.confirm_business_invitation | An invitation for an organization to join an enterprise was confirmed. |
org.create | An organization was created. |
org.disable_member_team_creation_permission | Team creation was limited to owners. |
org.disable_reader_discussion_creation_permission | An organization owner limited discussion creation to users with at least triage permission in an organization. |
org.disable_saml | SAML single sign-on was disabled for an organization. |
org.disable_two_factor_requirement | A two-factor authentication requirement was disabled for the organization. |
org.display_commenter_full_name_disabled | An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name. |
org.display_commenter_full_name_enabled | An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name. |
org.enable_member_team_creation_permission | Team creation by members was allowed. |
org.enable_reader_discussion_creation_permission | An organization owner allowed users with read access to create discussions in an organization |
org.enable_saml | SAML single sign-on was enabled for the organization. |
org.enable_two_factor_requirement | Two-factor authentication is now required for the organization. |
org.integration_manager_added | An organization owner granted a member access to manage all GitHub Apps owned by an organization. |
org.integration_manager_removed | An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member. |
org.invite_member | A new user was invited to join an organization. |
org.invite_to_business | An organization was invited to join an enterprise. |
org.members_can_update_protected_branches.disable | The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches. |
org.members_can_update_protected_branches.enable | The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches. |
org.register_self_hosted_runner | A new self-hosted runner was registered. |
org.remove_billing_manager | A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement. |
org.remove_member | A member was removed from an organization, either manually or due to a two-factor authentication requirement. |
org.remove_outside_collaborator | An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement. |
org.remove_self_hosted_runner | A self-hosted runner was removed. |
org.rename | An organization was renamed. |
org.restore_member | An organization member was restored. |
org.runner_group_created | A self-hosted runner group was created. |
org.runner_group_removed | A self-hosted runner group was removed. |
org.runner_group_runners_added | A self-hosted runner was added to a group. |
org.runner_group_runners_updated | A runner group's list of members was updated. |
org.runner_group_runner_removed | The REST API was used to remove a self-hosted runner from a group. |
org.runner_group_updated | The configuration of a self-hosted runner group was changed. |
org.secret_scanning_custom_pattern_push_protection_disabled | Push protection for a custom pattern for secret scanning was disabled for an organization. |
org.secret_scanning_custom_pattern_push_protection_enabled | Push protection for a custom pattern for secret scanning was enabled for an organization. |
org.secret_scanning_push_protection_custom_message_disabled | The custom message triggered by an attempted push to a push-protected repository was disabled for an organization. |
org.secret_scanning_push_protection_custom_message_enabled | The custom message triggered by an attempted push to a push-protected repository was enabled for an organization. |
org.secret_scanning_push_protection_custom_message_updated | The custom message triggered by an attempted push to a push-protected repository was updated for an organization. |
org.secret_scanning_push_protection_disable | Push protection for secret scanning was disabled. |
org.secret_scanning_push_protection_enable | Push protection for secret scanning was enabled. |
org.self_hosted_runner_updated | The runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. |
org.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs in an organization was changed. |
org.unblock_user | A user was unblocked from an organization. |
org.update_default_repository_permission | The default repository permission level for organization members was changed. |
org.update_member_repository_creation_permission | The create repository permission for organization members was changed. |
org.update_member_repository_invitation_permission | An organization owner changed the policy setting for organization members inviting outside collaborators to repositories. |
org.update_saml_provider_settings | An organization's SAML provider settings were updated. |
org.update_terms_of_service | An organization changed between the Standard Terms of Service and the GitHub Customer Agreement. |
organization_domain
| 작업 | 설명 |
|---|---|
organization_domain.approve | An enterprise domain was approved for an organization. |
organization_domain.create | An enterprise domain was added to an organization. |
organization_domain.destroy | An enterprise domain was removed from an organization. |
organization_domain.verify | An enterprise domain was verified for an organization. |
org_secret_scanning_automatic_validity_checks
| 작업 | 설명 |
|---|---|
org_secret_scanning_automatic_validity_checks.disabled | Automatic partner validation checks have been disabled at the organization level |
org_secret_scanning_automatic_validity_checks.enabled | Automatic partner validation checks have been enabled at the organization level |
org_secret_scanning_custom_pattern
| 작업 | 설명 |
|---|---|
org_secret_scanning_custom_pattern.create | A custom pattern was created for secret scanning in an organization. |
org_secret_scanning_custom_pattern.delete | A custom pattern was removed from secret scanning in an organization. |
org_secret_scanning_custom_pattern.publish | A custom pattern was published for secret scanning in an organization. |
org_secret_scanning_custom_pattern.update | Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization. |
packages
| 작업 | 설명 |
|---|---|
packages.package_deleted | An entire package was deleted. |
packages.package_published | A package was published or republished to an organization. |
packages.package_version_deleted | A specific package version was deleted. |
packages.package_version_published | A specific package version was published or republished to a package. |
protected_branch
| 작업 | 설명 |
|---|---|
protected_branch.branch_allowances | A protected branch allowance was given to a specific user, team or integration. |
protected_branch.create | Branch protection was enabled on a branch. |
protected_branch.destroy | Branch protection was disabled on a branch. |
protected_branch.dismissal_restricted_users_teams | Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch. |
protected_branch.dismiss_stale_reviews | Enforcement of dismissing stale pull requests was updated on a branch. |
protected_branch.policy_override | A branch protection requirement was overridden by a repository administrator. |
protected_branch.rejected_ref_update | A branch update attempt was rejected. |
protected_branch.update_admin_enforced | Branch protection was enforced for repository administrators. |
protected_branch.update_allow_deletions_enforcement_level | Branch deletion was enabled or disabled for a protected branch. |
protected_branch.update_allow_force_pushes_enforcement_level | Force pushes were enabled or disabled for a branch. |
protected_branch.update_linear_history_requirement_enforcement_level | Required linear commit history was enabled or disabled for a branch. |
protected_branch.update_name | A branch name pattern was updated for a branch. |
protected_branch.update_pull_request_reviews_enforcement_level | Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone). |
protected_branch.update_required_approving_review_count | Enforcement of the required number of approvals before merging was updated on a branch. |
protected_branch.update_required_status_checks_enforcement_level | Enforcement of required status checks was updated for a branch. |
protected_branch.update_require_code_owner_review | Enforcement of required code owner review was updated for a branch. |
protected_branch.update_signature_requirement_enforcement_level | Enforcement of required commit signing was updated for a branch. |
protected_branch.update_strict_required_status_checks_policy | Enforcement of required status checks was updated for a branch. |
public_key
| 작업 | 설명 |
|---|---|
public_key.create | An SSH key was added to a user account or a deploy key was added to a repository. |
public_key.delete | An SSH key was removed from a user account or a deploy key was removed from a repository. |
public_key.unverification_failure | A user account's SSH key or a repository's deploy key was unable to be unverified. |
public_key.unverify | A user account's SSH key or a repository's deploy key was unverified. |
public_key.update | A user account's SSH key or a repository's deploy key was updated. |
public_key.verification_failure | A user account's SSH key or a repository's deploy key was unable to be verified. |
public_key.verify | A user account's SSH key or a repository's deploy key was verified. |
pull_request
| 작업 | 설명 |
|---|---|
pull_request.close | A pull request was closed without being merged. |
pull_request.converted_to_draft | A pull request was converted to a draft. |
pull_request.create | A pull request was created. |
pull_request.create_review_request | A review was requested on a pull request. |
pull_request.indirect_merge | A pull request was considered merged because the pull request's commits were merged into the target branch. |
pull_request.in_progress | A pull request was marked as in progress. |
pull_request.merge | A pull request was merged. |
pull_request.ready_for_review | A pull request was marked as ready for review. |
pull_request.remove_review_request | A review request was removed from a pull request. |
pull_request.reopen | A pull request was reopened after previously being closed. |
pull_request_review
| 작업 | 설명 |
|---|---|
pull_request_review.delete | A review on a pull request was deleted. |
pull_request_review.dismiss | A review on a pull request was dismissed. |
pull_request_review.submit | A review on a pull request was submitted. |
pull_request_review_comment
| 작업 | 설명 |
|---|---|
pull_request_review_comment.create | A review comment was added to a pull request. |
pull_request_review_comment.delete | A review comment on a pull request was deleted. |
pull_request_review_comment.update | A review comment on a pull request was changed. |
repo
| 작업 | 설명 |
|---|---|
repo.access | The visibility of a repository changed. |
repo.add_member | A collaborator was added to a repository. |
repo.add_topic | A topic was added to a repository. |
repo.advanced_security_disabled | GitHub Advanced Security was disabled for a repository. |
repo.advanced_security_enabled | GitHub Advanced Security was enabled for a repository. |
repo.archived | A repository was archived. |
repo.change_merge_setting | Pull request merge options were changed for a repository. |
repo.code_scanning_analysis_deleted | Code scanning analysis for a repository was deleted. |
repo.code_scanning_configuration_for_branch_deleted | A code scanning configuration for a branch of a repository was deleted. |
repo.config.disable_collaborators_only | The interaction limit for collaborators only was disabled. |
repo.config.disable_contributors_only | The interaction limit for prior contributors only was disabled in a repository. |
repo.config.disable_sockpuppet_disallowed | The interaction limit for existing users only was disabled in a repository. |
repo.config.enable_collaborators_only | The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration. |
repo.config.enable_contributors_only | The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration. |
repo.config.enable_sockpuppet_disallowed | The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository. |
repo.create | A repository was created. |
repo.destroy | A repository was deleted. |
repo.download_zip | A source code archive of a repository was downloaded as a ZIP file. |
repo.pages_cname | A GitHub Pages custom domain was modified in a repository. |
repo.pages_create | A GitHub Pages site was created. |
repo.pages_destroy | A GitHub Pages site was deleted. |
repo.pages_https_redirect_disabled | HTTPS redirects were disabled for a GitHub Pages site. |
repo.pages_https_redirect_enabled | HTTPS redirects were enabled for a GitHub Pages site. |
repo.pages_private | A GitHub Pages site visibility was changed to private. |
repo.pages_public | A GitHub Pages site visibility was changed to public. |
repo.pages_source | A GitHub Pages source was modified. |
repo.register_self_hosted_runner | A new self-hosted runner was registered. |
repo.remove_member | A collaborator was removed from a repository. |
repo.remove_self_hosted_runner | A self-hosted runner was removed. |
repo.remove_topic | A topic was removed from a repository. |
repo.rename | A repository was renamed. |
repo.self_hosted_runner_updated | The runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. |
repo.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs in a repository was changed. |
repo.staff_unlock | An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository. |
repo.transfer | A user accepted a request to receive a transferred repository. |
repo.transfer_outgoing | A repository was transferred to another repository network. |
repo.transfer_start | A user sent a request to transfer a repository to another user or organization. |
repo.unarchived | A repository was unarchived. |
repo.update_actions_access_settings | The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed. |
repo.update_actions_settings | A repository administrator changed GitHub Actions policy settings for a repository. |
repo.update_member | A user's permission to a repository was changed. |
repository_invitation
| 작업 | 설명 |
|---|---|
repository_invitation.accept | An invitation to join a repository was accepted. |
repository_invitation.cancel | An invitation to join a repository was canceled. |
repository_invitation.create | An invitation to join a repository was sent. |
repository_invitation.reject | An invitation to join a repository was declined. |
repository_secret_scanning
| 작업 | 설명 |
|---|---|
repository_secret_scanning.disable | Secret scanning was disabled for a repository. |
repository_secret_scanning.enable | Secret scanning was enabled for a repository. |
repository_secret_scanning_automatic_validity_checks
| 작업 | 설명 |
|---|---|
repository_secret_scanning_automatic_validity_checks.disabled | Automatic partner validation checks have been disabled at the repository level |
repository_secret_scanning_automatic_validity_checks.enabled | Automatic partner validation checks have been enabled at the repository level |
repository_secret_scanning_custom_pattern
| 작업 | 설명 |
|---|---|
repository_secret_scanning_custom_pattern.create | A custom pattern was created for secret scanning in a repository. |
repository_secret_scanning_custom_pattern.delete | A custom pattern was removed from secret scanning in a repository. |
repository_secret_scanning_custom_pattern.publish | A custom pattern was published for secret scanning in a repository. |
repository_secret_scanning_custom_pattern.update | Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository. |
repository_secret_scanning_custom_pattern_push_protection
| 작업 | 설명 |
|---|---|
repository_secret_scanning_custom_pattern_push_protection.disabled | Push protection for a custom pattern for secret scanning was disabled for your repository. |
repository_secret_scanning_custom_pattern_push_protection.enabled | Push protection for a custom pattern for secret scanning was enabled for your repository. |
repository_secret_scanning_push_protection
| 작업 | 설명 |
|---|---|
repository_secret_scanning_push_protection.disable | Secret scanning push protection was disabled for a repository. |
repository_secret_scanning_push_protection.enable | Secret scanning push protection was enabled for a repository. |
restrict_notification_delivery
| 작업 | 설명 |
|---|---|
restrict_notification_delivery.disable | Email notification restrictions for an organization or enterprise were disabled. |
restrict_notification_delivery.enable | Email notification restrictions for an organization or enterprise were enabled. |
secret_scanning
| 작업 | 설명 |
|---|---|
secret_scanning.disable | Secret scanning was disabled for all existing repositories. |
secret_scanning.enable | Secret scanning was enabled for all existing repositories. |
secret_scanning_alert
| 작업 | 설명 |
|---|---|
secret_scanning_alert.create | GitHub detected a secret and created a secret scanning alert. |
secret_scanning_alert.reopen | A seret scanning alert was reopened. |
secret_scanning_alert.resolve | A seret scanning alert was resolved. |
secret_scanning_new_repos
| 작업 | 설명 |
|---|---|
secret_scanning_new_repos.disable | Secret scanning was disabled for all new repositories. |
secret_scanning_new_repos.enable | Secret scanning was enabled for all new repositories. |
secret_scanning_push_protection
| 작업 | 설명 |
|---|---|
secret_scanning_push_protection.bypass | Triggered when a user bypasses the push protection on a secret detected by secret scanning. |
ssh_certificate_authority
| 작업 | 설명 |
|---|---|
ssh_certificate_authority.create | An SSH certificate authority for an organization or enterprise was created. |
ssh_certificate_authority.destroy | An SSH certificate authority for an organization or enterprise was deleted. |
ssh_certificate_requirement
| 작업 | 설명 |
|---|---|
ssh_certificate_requirement.disable | The requirement for members to use SSH certificates to access an organization resources was disabled. |
ssh_certificate_requirement.enable | The requirement for members to use SSH certificates to access an organization resources was enabled. |
staff
| 작업 | 설명 |
|---|---|
staff.set_domain_token_expiration | The verification code expiry time for an organization or enterprise domain was set. |
staff.unverify_domain | An organization or enterprise domain was unverified. |
staff.verify_domain | An organization or enterprise domain was verified. |
team
| 작업 | 설명 |
|---|---|
team.add_member | A member of an organization was added to a team. |
team.add_repository | A team was given access and permissions to a repository. |
team.change_parent_team | A child team was created or a child team's parent was changed. |
team.change_privacy | A team's privacy level was changed. |
team.create | A new team is created. |
team.demote_maintainer | A user was demoted from a team maintainer to a team member. |
team.destroy | A team was deleted. |
team.promote_maintainer | A user was promoted from a team member to a team maintainer. |
team.remove_member | An organization member was removed from a team. |
team.remove_repository | A repository was removed from a team's control. |
team.rename | A team's name was changed. |
team.update_repository_permission | A team's permission to a repository was changed. |
team_discussions
| 작업 | 설명 |
|---|---|
team_discussions.clear | An organization owner cleared the setting to allow team discussions for an organization or enterprise. |
team_discussions.disable | Team discussions were disabled for an organization. |
team_discussions.enable | Team discussions were enabled for an organization. |
team_sync_tenant
| 작업 | 설명 |
|---|---|
team_sync_tenant.disabled | Team synchronization with a tenant was disabled. |
team_sync_tenant.enabled | Team synchronization with a tenant was enabled. |
workflows
| 작업 | 설명 |
|---|---|
workflows.approve_workflow_job | A workflow job was approved. |
workflows.cancel_workflow_run | A workflow run was cancelled. |
workflows.delete_workflow_run | A workflow run was deleted. |
workflows.disable_workflow | A workflow was disabled. |
workflows.enable_workflow | A workflow was enabled, after previously being disabled by disable_workflow. |
workflows.reject_workflow_job | A workflow job was rejected. |
workflows.rerun_workflow_run | A workflow run was re-run. |