Skip to main content

This version of GitHub Enterprise was discontinued on 2023-01-18. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Audit log events for your enterprise

In this article

Learn about audit log events recorded for your enterprise.

Who can use this feature

Enterprise owners and site administrators can interact with the audit log.

artifact category actions

ActionDescription
artifact.destroyA workflow run artifact was manually deleted.

business category actions

ActionDescription
business.add_adminAn enterprise owner or site administrator was added to an enterprise.
business.add_organizationAn organization was added to an enterprise.
business.advanced_security_policy_updateAn enterprise owner or site administrator created, updated, or removed a policy for GitHub Advanced Security. For more information, see "Enforcing policies for Advanced Security in your enterprise."
business.clear_actions_settingsAn enterprise owner or site administrator cleared GitHub Actions policy settings for an enterprise. For more information, see "Enforcing policies for GitHub Actions in your enterprise."
business.clear_default_repository_permissionAn enterprise owner or site administrator cleared the base repository permission policy setting for an enterprise. For more information, see "Enforcing a policy for base repository permissions."
business.clear_members_can_create_reposAn enterprise owner or site administrator cleared a restriction on repository creation in organizations in the enterprise. For more information, see "Enforcing repository management policies in your enterprise."
business.createAn enterprise was created.
business.disable_two_factor_requirementThe requirement for members to have two-factor authentication enabled to access an enterprise was disabled.
business.enable_two_factor_requirementThe requirement for members to have two-factor authentication enabled to access an enterprise was enabled.
business.members_can_update_protected_branches.clearAn enterprise owner or site administrator unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization administrators can choose whether to allow updating protected branches settings.
business.members_can_update_protected_branches.disableThe ability for enterprise members to update branch protection rules was disabled. Only enterprise owners can update protected branches.
business.members_can_update_protected_branches.enableThe ability for enterprise members to update branch protection rules was enabled. Enterprise owners and members can update protected branches.
business.remove_adminAn enterprise owner or site administrator was removed from an enterprise.
business.referrer_override_enableAn enterprise owner or site administrator enabled the referrer policy override. For more information, see "Configuring the referrer policy for your enterprise."
business.referrer_override_disableAn enterprise owner or site administrator disabled the referrer policy override. For more information, see "Configuring the referrer policy for your enterprise."
business.remove_organizationAn organization was removed from an enterprise.
business.rename_slugThe slug for the enterprise URL was renamed.
business.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs was changed for an enterprise. For more information, see "Enforcing policies for GitHub Actions in an enterprise."
business.set_fork_pr_workflows_policyThe policy for workflows on private repository forks was changed. For more information, see "Enabling workflows for private repository forks."
business.update_actions_settingsAn enterprise owner or site administrator updated GitHub Actions policy settings for an enterprise. For more information, see "Enforcing policies for GitHub Actions in your enterprise."
business.update_default_repository_permissionThe base repository permission setting was updated for all organizations in an enterprise. For more information, see "Enforcing a policy for base repository permissions."
business.update_member_repository_creation_permissionThe repository creation setting was updated for an enterprise. For more information, see "Enforcing a policy for repository creation."
business.update_member_repository_invitation_permissionThe policy setting for enterprise members inviting outside collaborators to repositories was updated. For more information, see "Enforcing a policy for inviting outside collaborators to repositories."

checks category actions

ActionDescription
checks.auto_trigger_disabledAutomatic creation of check suites was disabled on a repository in the organization or enterprise. For more information, see "Update repository preferences for check suites."
checks.auto_trigger_enabledAutomatic creation of check suites was enabled on a repository in the organization or enterprise. For more information, see "Update repository preferences for check suites."

config_entry category actions

ActionDescription
config_entry.createA configuration setting was created. These events are only visible in the site admin audit log. The type of events recorded relate to:
- Enterprise settings and policies
- Organization and repository permissions and settings
- Git, Git LFS, GitHub Connect, GitHub Packages, project, and code security settings.
config_entry.destroyA configuration setting was deleted. These events are only visible in the site admin audit log. The type of events recorded relate to:
- Enterprise settings and policies
- Organization and repository permissions and settings
- Git, Git LFS, GitHub Connect, GitHub Packages, project, and code security settings.
config_entry.updateA configuration setting was edited. These events are only visible in the site admin audit log. The type of events recorded relate to:
- Enterprise settings and policies
- Organization and repository permissions and settings
- Git, Git LFS, GitHub Connect, GitHub Packages, project, and code security settings.

dependabot_alerts category actions

ActionDescription
dependabot_alerts.disableAn enterprise owner or site administrator disabled Dependabot alerts for all existing repositories. For more information, see "Managing security and analysis settings for your organization."
dependabot_alerts.enableAn enterprise owner or site administrator enabled Dependabot alerts for all existing repositories.

dependabot_alerts_new_repos category actions

ActionDescription
dependabot_alerts_new_repos.disableAn enterprise owner or site administrator disabled Dependabot alerts for all new repositories. For more information, see "Managing security and analysis settings for your organization."
dependabot_alerts_new_repos.enableAn enterprise owner or site administrator enabled Dependabot alerts for all new repositories.

dependabot_repository_accesscategory actions

ActionDescription
dependabot_repository_access.repositories_updatedThe repositories that Dependabot can access were updated.

dependabot_security_updates category actions

ActionDescription
dependabot_security_updates.disableAn enterprise owner or site administrator disabled Dependabot security updates for all existing repositories. For more information, see "Managing security and analysis settings for your organization."
dependabot_security_updates.enableAn enterprise owner or site administrator enabled Dependabot security updates for all existing repositories.

dependabot_security_updates_new_repos category actions

ActionDescription
dependabot_security_updates_new_repos.disableAn enterprise owner or site administrator disabled Dependabot security updates for all new repositories. For more information, see "Managing security and analysis settings for your organization."
dependabot_security_updates_new_repos.enableAn enterprise owner or site administrator enabled Dependabot security updates for all new repositories.

dependency_graph category actions

ActionDescription
dependency_graph.disableAn enterprise owner or site administrator disabled the dependency graph for all existing repositories. For more information, see "Managing security and analysis settings for your organization."
dependency_graph.enableAn enterprise owner or site administrator enabled the dependency graph for all existing repositories.

dependency_graph_new_repos category actions

ActionDescription
dependency_graph_new_repos.disableAn enterprise owner or site administrator disabled the dependency graph for all new repositories. For more information, see "Managing security and analysis settings for your organization."
dependency_graph_new_repos.enableAn enterprise owner or site administrator enabled the dependency graph for all new repositories.

dotcom_connection category actions

ActionDescription
dotcom_connection.createA GitHub Connect connection to GitHub.com was created.
dotcom_connection.destroyA GitHub Connect connection to GitHub.com was deleted.
dotcom_connection.token_updatedThe GitHub Connect connection token for GitHub.com was updated.
dotcom_connection.upload_license_usageGitHub Enterprise Server license usage was manually uploaded to GitHub Enterprise Cloud.
dotcom_connection.upload_usage_metricsGitHub Enterprise Server usage metrics were uploaded to GitHub.com.

enterprise category actions

ActionDescription
enterprise.config.disable_anonymous_git_accessAn enterprise owner or site administrator disabled anonymous Git read access for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise."
enterprise.config.enable_anonymous_git_accessAn enterprise owner or site administrator enabled anonymous Git read access for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise."
enterprise.config.lock_anonymous_git_accessAn enterprise owner or site administrator locked anonymous Git read access to prevent repository admins from changing existing anonymous Git read access settings for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise."
enterprise.config.unlock_anonymous_git_accessAn enterprise owner or site administrator unlocked anonymous Git read access to allow repository admins to change existing anonymous Git read access settings for repositories in the enterprise. For more information, see "Enforcing repository management policies in your enterprise."
enterprise.register_self_hosted_runnerA new GitHub Actions self-hosted runner was registered. For more information, see "Adding a self-hosted runner to a repository."
enterprise.remove_self_hosted_runnerA GitHub Actions self-hosted runner was removed. For more information, see "Removing a runner from a repository."
enterprise.runner_group_createdA GitHub Actions self-hosted runner group was created. For more information, see "Creating a self-hosted runner group for an organization."
enterprise.runner_group_removedA GitHub Actions self-hosted runner group was removed. For more information, see "Removing a self-hosted runner group."
enterprise.runner_group_renamedA GitHub Actions self-hosted runner group was renamed. For more information, see "Changing the access policy of a self-hosted runner group."
enterprise.runner_group_updatedThe configuration of a GitHub Actions self-hosted runner group was changed. For more information, see "Changing the access policy of a self-hosted runner group."
enterprise.runner_group_runner_removedThe REST API was used to remove a GitHub Actions self-hosted runner from a group. For more information, see "Remove a self-hosted runner from a group for an organization."
enterprise.runner_group_runners_addedA GitHub Actions self-hosted runner was added to a group. For more information, see Moving a self-hosted runner to a group.
enterprise.runner_group_runners_updatedA GitHub Actions runner group's list of members was updated. For more information, see "Set self-hosted runners in a group for an organization."
enterprise.self_hosted_runner_onlineThe GitHub Actions runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Checking the status of a self-hosted runner."
enterprise.self_hosted_runner_offlineThe GitHub Actions runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Checking the status of a self-hosted runner."
enterprise.self_hosted_runner_updatedThe GitHub Actions runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners."

gist category actions

ActionDescription
gist.createA gist is created.
gist.destroyA gist is deleted.
gist.visibility_changeThe visibility of a gist is changed.

hook category actions

ActionDescription
hook.active_changedA hook's active status was updated.
hook.config_changedA hook's configuration was changed.
hook.createA new hook was added.
hook.destroyA hook was deleted.
hook.events_changedA hook's configured events were changed.

integration category actions

ActionDescription
integration.createAn integration was created.
integration.destroyAn integration was deleted.
integration.manager_addedA member of an enterprise or organization was added as an integration manager.
integration.manager_removedA member of an enterprise or organization was removed from being an integration manager.
integration.transferOwnership of an integration was transferred to another user or organization.
integration.remove_client_secretA client secret for an integration was removed.
integration.revoke_all_tokensAll user tokens for an integration were requested to be revoked.
integration.revoke_tokensToken(s) for an integration were revoked.

integration_installation category actions

ActionDescription
integration_installation.contact_email_changedA contact email for an integration was changed.
integration_installation.createAn integration was installed.
integration_installation.destroyAn integration was uninstalled.
integration_installation.repositories_addedRepositories were added to an integration.
integration_installation.repositories_removedRepositories were removed from an integration.
integration_installation.version_updatedPermissions for an integration were updated.

integration_installation_request category actions

ActionDescription
integration_installation_request.createAn member requested that an owner install an integration for use in an enterprise or organization.
integration_installation_request.closeA request to install an integration for use in an enterprise or organization was either approved or denied by an owner, or canceled by the member who opened the request.

issue category actions

ActionDescription
issue.destroyAn issue was deleted from the repository. For more information, see "Deleting an issue."
issue.pinnedAn issue was pinned to a repository. For more information, see "Pinning an issue to your repository."
issue.transferAn issue was transferred to another repository. For more information, see "Transferring an issue to another repository."
issue.unpinnedAn issue was unpinned from a repository. For more information, see "Pinning an issue to your repository."

issue_comment category actions

ActionDescription
issue_comment.destroyA comment on an issue was deleted from the repository.
issue_comment.pinnedA comment on an issue was pinned to a repository.
issue_comment.unpinnedA comment on an issue was unpinned from a repository.
issue_comment.updateA comment on an issue (other than the initial one) changed.

issues category actions

ActionDescription
issues.deletes_disabledThe ability for enterprise members to delete issues was disabled. Members cannot delete issues in any organizations in an enterprise. For more information, see "Enforcing a policy for deleting issues."
issues.deletes_enabledThe ability for enterprise members to delete issues was enabled. Members can delete issues in any organizations in an enterprise. For more information, see "Enforcing a policy for deleting issues."
issues.deletes_policy_clearedAn enterprise owner or site administrator cleared the policy setting for allowing members to delete issues in an enterprise. For more information, see "Enforcing a policy for deleting issues."

members_can_create_pages category actions

ActionDescription
members_can_create_pages.disableThe ability for members to publish GitHub Pages was disabled. Members cannot publish GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization."
members_can_create_pages.enableThe ability for members to publish GitHub Pages was enabled. Members can publish GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization."

members_can_create_private_pages category actions

ActionDescription
members_can_create_private_pages.disableThe ability for members to publish private GitHub Pages was disabled. Members cannot publish private GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization."
members_can_create_private_pages.enableThe ability for members to publish private GitHub Pages was enabled. Members can publish private GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization."

members_can_create_public_pages category actions

ActionDescription
members_can_create_public_pages.disableThe ability for members to publish public GitHub Pages was disabled. Members cannot publish public GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization."
members_can_create_public_pages.enableThe ability for members to publish public GitHub Pages was enabled. Members can publish public GitHub Pages in an organization. For more information, see "Managing the publication of GitHub Pages sites for your organization."

members_can_delete_repos category actions

ActionDescription
members_can_delete_repos.clearAn enterprise owner or site administrator cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise. For more information, see "Enforcing a policy for repository deletion and transfer."
members_can_delete_repos.disableThe ability for enterprise members to delete repositories was disabled. Members cannot delete or transfer repositories in any organizations in an enterprise. For more information, see "Enforcing a policy for repository deletion and transfer."
members_can_delete_repos.enableThe ability for enterprise members to delete repositories was enabled. Members can delete or transfer repositories in any organizations in an enterprise. For more information, see "Enforcing a policy for repository deletion and transfer."

members_can_view_dependency_insights category actions

ActionDescription
members_can_view_dependency_insights.clearAn enterprise owner or site administrator cleared the policy setting for viewing dependency insights in any organizations in an enterprise.
members_can_view_dependency_insights.disableThe ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.
members_can_view_dependency_insights.enableThe ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.

migration category actions

ActionDescription
migration.createA migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
migration.destroy_fileA migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.
migration.downloadA migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.

oauth_access category actions

ActionDescription
oauth_access.createAn OAuth access token was generated for a user account. For more information, see "Creating a personal access token."
oauth_access.destroyAn OAuth access token was deleted from a user account.

oauth_application category actions

ActionDescription
oauth_application.createAn OAuth application was created for a user or organization account.
oauth_application.destroyAn OAuth application was deleted from a user or organization account.
oauth_application.reset_secretAn OAuth application's secret key was reset.
oauth_application.revoke_tokensToken(s) for an OAuth application were revoked.
oauth_application.transferAn OAuth application was transferred from one user or organization account to another.
oauth_application.unsuspendAn OAuth application was unsuspended for a user or organization account.

org category actions

ActionDescription
org.accept_business_invitationAn invitation sent to an organization to join an enterprise was accepted.
org.add_billing_managerA billing manager was added to an organization.
org.add_memberA user joined an organization.
org.advanced_security_disabled_for_new_reposGitHub Advanced Security was disabled for new repositories in an organization.
org.advanced_security_disabled_on_all_reposGitHub Advanced Security was disabled for all repositories in an organization.
org.advanced_security_enabled_for_new_reposGitHub Advanced Security was enabled for new repositories in an organization.
org.advanced_security_enabled_on_all_reposGitHub Advanced Security was enabled for all repositories in an organization.
org.advanced_security_policy_selected_member_disabledAn enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization. For more information, see "Enforcing policies for Advanced Security in your enterprise."
org.advanced_security_policy_selected_member_enabledAn enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization. For more information, see "Enforcing policies for Advanced Security in your enterprise."
org.advanced_security_policy_updateAn organization owner updated polices for GitHub Advanced Security in an enterprise. For more information, see "Enforcing policies for Advanced Security in your enterprise."
org.async_deleteA user initiated a background job to delete an organization.
org.block_userAn organization owner blocked a user from accessing the organization's repositories.
org.cancel_business_invitationAn invitation for an organization to join an enterprise was revoked.
org.cancel_invitationAn invitation sent to a user to join an organization was revoked.
org.clear_actions_settingsAn organization owner cleared GitHub Actions policy settings for an organization. For more information, see "Managing GitHub Actions permissions for your organization."
org.clear_default_repository_permissionAn organization owner cleared the base repository permission policy setting for an organization. For more information, see "Setting base permissions."
org.clear_member_team_creation_permissionAn organization owner cleared the new teams creation setting for an organization. For more information, see "Setting team creation permissions in your organization."
org.clear_reader_discussion_creation_permissionAn organization owner cleared the new discussion creation setting for an organization.
org.clear_members_can_create_reposAn organization owner cleared a restriction on repository creation in an organization. For more information, see "Restricting repository creation in your organization."
org.clear_members_can_invite_outside_collaboratorsAn organization owner cleared the outside collaborators invitation policy for an organization. For more information, see "Setting permissions for adding outside collaborators."
org.clear_new_repository_default_branch_settingAn organization owner cleared the default branch name for new repositories setting for an organization. For more information, see "Setting the default branch name."
org.config.disable_collaborators_onlyThe interaction limit for collaborators only for an organization was disabled.
org.config.disable_contributors_onlyThe interaction limit for prior contributors only for an organization was disabled.
org.config.disable_sockpuppet_disallowedThe interaction limit for existing users only for an organization was disabled.
org.config.enable_collaborators_onlyThe interaction limit for collaborators only for an organization was enabled.
org.config.enable_contributors_onlyThe interaction limit for prior contributors only for an organization was enabled.
org.config.enable_sockpuppet_disallowedThe interaction limit for existing users only for an organization was enabled.
org.confirm_business_invitationAn invitation for an organization to join an enterprise was confirmed.
org.createAn organization was created. For more information, see "Creating a new organization from scratch."
org.create_actions_secretA GitHub Actions secret was created for an organization. For more information, see "Creating encrypted secrets for an organization."
org.create_integration_secretA Dependabot integration secret was created for an organization.
org.deleteAn organization was deleted by a user-initiated background job.
org.disable_member_team_creation_permissionAn organization owner limited team creation to owners. For more information, see "Setting team creation permissions in your organization."
org.disable_reader_discussion_creation_permissionAn organization owner limited discussion creation to users with at least triage permission in an organization.
org.disable_two_factor_requirementAn organization owner disabled a two-factor authentication requirement for all members and outside collaborators in an organization.
org.display_commenter_full_name_disabledAn organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.
org.display_commenter_full_name_enabledAn organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.
org.enable_member_team_creation_permissionAn organization owner allowed members to create teams. For more information, see "Setting team creation permissions in your organization."
org.enable_reader_discussion_creation_permissionAn organization owner allowed users with read access to create discussions in an organization.
org.enable_two_factor_requirementAn organization owner requires two-factor authentication for all members and outside collaborators in an organization.
org.integration_manager_addedAn organization owner granted a member access to manage all GitHub Apps owned by an organization.
org.integration_manager_removedAn organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.
org.invite_memberA new user was invited to join an organization.
org.invite_to_businessAn organization was invited to join an enterprise.
org.members_can_update_protected_branches.clearAn organization owner unset a policy for whether members of an organization can update protected branches on repositories in an organization. Organization administrators can choose whether to allow updating protected branches settings.
org.members_can_update_protected_branches.disableThe ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.
org.members_can_update_protected_branches.enableThe ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.
org.recreateAn organization was restored.
org.register_self_hosted_runnerA new self-hosted runner was registered. For more information, see "Adding a self-hosted runner to an organization."
org.remove_actions_secretA GitHub Actions secret was removed.
org.remove_integration_secretA Dependabot integration secret was removed from an organization.
org.remove_billing_managerAn owner removed a billing manager from an organization. or when two-factor authentication was required in an organization and a billing manager didn't use 2FA or disabled 2FA.
org.remove_memberAn owner removed a member from an organization or when two-factor authentication was required in an organization and an organization member doesn't use 2FA or disabled 2FA. Also an organization member removed themselves from an organization.
org.remove_outside_collaboratorAn owner removed an outside collaborator from an organization or when two-factor authentication was required in an organization and an outside collaborator didn't use 2FA or disabled 2FA.
org.remove_self_hosted_runnerA self-hosted runner was removed. For more information, see "Removing a runner from an organization."
org.renameAn organization was renamed.
org.restore_memberAn organization member was restored. For more information, see "Reinstating a former member of your organization."
org.runner_group_createdA self-hosted runner group was created. For more information, see "Creating a self-hosted runner group for an organization."
org.runner_group_removedA self-hosted runner group was removed. For more information, see "Removing a self-hosted runner group."
org.runner_group_updatedThe configuration of a self-hosted runner group was changed. For more information, see "Changing the access policy of a self-hosted runner group."
org.runner_group_runner_removedThe REST API was used to remove a self-hosted runner from a group. For more information, see "Remove a self-hosted runner from a group for an organization."
org.runner_group_runners_addedA self-hosted runner was added to a group. For more information, see Moving a self-hosted runner to a group.
org.runner_group_runners_updatedA runner group's list of members was updated. For more information, see "Set self-hosted runners in a group for an organization."
org.self_hosted_runner_onlineThe runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Checking the status of a self-hosted runner."
org.self_hosted_runner_offlineThe runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Checking the status of a self-hosted runner."
org.self_hosted_runner_updatedThe runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners."
org.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs in an organization was changed. For more information, see "Configuring the retention period for GitHub Actions artifacts and logs in your organization."
org.set_fork_pr_workflows_policyThe policy for workflows on private repository forks was changed. For more information, see "Enabling workflows for private repository forks."
org.sso_responseA SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is only available via audit log streaming and the REST API.
org.transformA user account was converted into an organization. For more information, see "Converting a user into an organization."
org.unblock_userAn organization owner unblocked a user from an organization.
org.update_actions_secretA GitHub Actions secret was updated.
org.update_integration_secretA Dependabot integration secret was updated for an organization.
org.update_default_repository_permissionAn organization owner changed the default repository permission level for organization members.
org.update_memberAn organization owner changed a person's role from owner to member or member to owner.
org.update_member_repository_creation_permissionAn organization owner changed the create repository permission for organization members.
org.update_member_repository_invitation_permissionAn organization owner changed the policy setting for organization members inviting outside collaborators to repositories. For more information, see "Setting permissions for adding outside collaborators."
org.update_new_repository_default_branch_settingAn organization owner changed the name of the default branch for new repositories in the organization. For more information, see "Managing the default branch name for repositories in your organization."

org_credential_authorization category actions

ActionDescription
org_credential_authorization.deauthorizedA member deauthorized credentials for use with SAML single sign-on.
org_credential_authorization.grantA member authorized credentials for use with SAML single sign-on.
org_credential_authorization.revokeAn owner revoked authorized credentials.

organization_default_label category actions

ActionDescription
organization_default_label.createA default label for repositories in an organization was created. For more information, see "Creating a default label."
organization_default_label.updateA default label for repositories in an organization was edited. For more information, see "Editing a default label."
organization_default_label.destroyA default label for repositories in an organization was deleted. For more information, see "Deleting a default label."

organization_domain category actions

ActionDescription
organization_domain.approveAn enterprise domain was approved for an organization. For more information, see "Approving a domain for your organization."
organization_domain.createAn enterprise domain was added to an organization. For more information, see "Verifying a domain for your organization."
organization_domain.destroyAn enterprise domain was removed from an organization. For more information, see "Removing an approved or verified domain."
organization_domain.verifyAn enterprise domain was verified for an organization. For more information, see "Verifying a domain for your organization."

organization_projects_change category actions

ActionDescription
organization_projects_change.clearAn enterprise owner or site administrator cleared the policy setting for organization-wide project boards in an enterprise. For more information, see "Enforcing policies for projects in your enterprise."
organization_projects_change.disableOrganization projects were disabled for all organizations in an enterprise. For more information, see "Enforcing policies for projects in your enterprise."
organization_projects_change.enableOrganization projects were enabled for all organizations in an enterprise. For more information, see "Enforcing policies for projects in your enterprise."

packages category actions

ActionDescription
packages.insecure_hashMaven published an insecure hash for a specific package version.
packages.package_deletedA package was deleted from an organization. For more information, see "Deleting and restoring a package."
packages.package_publishedA package was published or republished to an organization.
packages.package_restoredAn entire package was restored. For more information, see "Deleting and restoring a package."
packages.package_version_deletedA specific package version was deleted. For more information, see "Deleting and restoring a package."
packages.package_version_publishedA specific package version was published or republished to a package.
packages.package_version_restoredA specific package version was deleted. For more information, see "Deleting and restoring a package."
packages.part_uploadA specific package version was partially uploaded to an organization.
packages.upstream_package_fetchedA specific package version was fetched from the npm upstream proxy.
packages.version_downloadA specific package version was downloaded.
packages.version_uploadA specific package version was uploaded.

pre_receive_environment category actions

ActionDescription
pre_receive_environment.createA pre-receive hook environment was created. For more information, see "Creating a pre-receive hook environment."
pre_receive_environment.destroyA pre-receive hook environment was deleted. For more information, see "Creating a pre-receive hook environment."
pre_receive_environment.downloadA pre-receive hook environment was downloaded. For more information, see "Creating a pre-receive hook environment."
pre_receive_environment.updateA pre-receive hook environment was updated. For more information, see "Creating a pre-receive hook environment."

pre_receive_hook category actions

ActionDescription
pre_receive_hook.createA pre-receive hook was created. For more information, see "Creating pre-receive hooks."
pre_receive_hook.destroyA pre-receive hook was deleted. For more information, see "Deleting pre-receive hooks."
pre_receive_hook.enforcementA pre-receive hook enforcement setting allowing repository and organization administrators to override the hook configuration was enabled or disabled. For more information, see "Managing pre-receive hooks on the GitHub Enterprise Server appliance."
pre_receive_hook.rejected_pushA pre-receive hook rejected a push.
pre_receive_hook.updateA pre-receive hook was created. For more information, see "Editing pre-receive hooks."
pre_receive_hook.warned_pushA pre-receive hook warned about a push.

private_repository_forking category actions

ActionDescription
private_repository_forking.clearAn enterprise owner or site administrator cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing a policy for forking private or internal repositories."
private_repository_forking.disableAn enterprise owner or site administrator disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing a policy for forking private or internal repositories."
private_repository_forking.enableAn enterprise owner or site administrator enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked. For more information, see "Managing the forking policy for your repository, "Managing the forking policy for your organization and for enterprises "Enforcing a policy for forking private or internal repositories."

project category actions

ActionDescription
project.accessA project board visibility was changed. For more information, see "Changing project board visibility."
project.closeA project board was closed. For more information, see "Closing a project board."
project.createA project board was created. For more information, see "Creating a project board."
project.deleteA project board was deleted. For more information, see "Deleting a project board."
project.linkA repository was linked to a project board. For more information, see "Linking a repository to a project board."
project.openA project board was reopened. For more information, see "Reopening a closed project board."
project.renameA project board was renamed. For more information, see "Editing a project board."
project.unlinkA repository was unlinked from a project board. For more information, see "Linking a repository to a project board."
project.update_org_permissionThe project's base-level permission for all organization members was changed or removed. For more information, see "Managing access to a project board for organization members."
project.update_team_permissionA team's project board permission level was changed or when a team was added or removed from a project board. For more information, see "Managing team access to an organization project board."
project.update_user_permissionAn organization member or outside collaborator was added to or removed from a project board or had their permission level changed. For more information, see "Managing an individual’s access to an organization project board."

protected_branch category actions

ActionDescription
protected_branch.create Branch protection was enabled on a branch.
protected_branch.destroyBranch protection was disabled on a branch.
protected_branch.dismiss_stale_reviews Enforcement of dismissing stale pull requests was updated on a branch.
protected_branch.dismissal_restricted_users_teamsEnforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.
protected_branch.policy_override A branch protection requirement was overridden by a repository administrator.
protected_branch.rejected_ref_update A branch update attempt was rejected.
protected_branch.required_status_overrideThe required status checks branch protection requirement was overridden by a repository administrator.
protected_branch.review_policy_and_required_status_overrideThe required reviews and required status checks branch protection requirements were overridden by a repository administrator.
protected_branch.review_policy_overrideThe required reviews branch protection requirement was overridden by a repository administrator.
protected_branch.update_admin_enforced Branch protection was enforced for repository administrators.
protected_branch.update_allow_deletions_enforcement_levelEnforcement of allowing users with push access to delete matching branches was updated on a branch.
protected_branch.update_allow_force_pushes_enforcement_levelEnforcement of allowing force pushes for all users with push access was updated on a branch.
protected_branch.update_linear_history_requirement_enforcement_levelEnforcement of requiring linear commit history was updated on a branch.
protected_branch.update_pull_request_reviews_enforcement_level Enforcement of required pull request reviews was updated on a branch. Can be one of 0(deactivated), 1(non-admins), 2(everyone).
protected_branch.update_require_code_owner_review Enforcement of required code owner review was updated on a branch.
protected_branch.update_required_approving_review_countEnforcement of the required number of approvals before merging was updated on a branch.
protected_branch.update_required_status_checks_enforcement_level Enforcement of required status checks was updated on a branch.
protected_branch.update_signature_requirement_enforcement_level Enforcement of required commit signing was updated on a branch.
protected_branch.update_strict_required_status_checks_policyEnforcement of required status checks was updated on a branch.
protected_branch.update_nameA branch name pattern was updated for a branch.

public_key category actions

ActionDescription
public_key.createAn SSH key was added to a user account or a deploy key was added to a repository.
public_key.deleteAn SSH key was removed from a user account or a deploy key was removed from a repository.
public_key.updateA user account's SSH key or a repository's deploy key was updated.
public_key.unverification_failureA user account's SSH key or a repository's deploy key was unable to be unverified.
public_key.unverifyA user account's SSH key or a repository's deploy key was unverified.
public_key.verification_failureA user account's SSH key or a repository's deploy key was unable to be verified.
public_key.verifyA user account's SSH key or a repository's deploy key was verified.

pull_request category actions

ActionDescription
pull_request.closeA pull request was closed without being merged. For more information, see "Closing a pull request."
pull_request.converted_to_draftA pull request was converted to a draft. For more information, see "Changing the stage of a pull request."
pull_request.createA pull request was created. For more information, see "Creating a pull request."
pull_request.create_review_requestA review was requested on a pull request. For more information, see "About pull request reviews."
pull_request.in_progressA pull request was marked as in progress.
pull_request.indirect_mergeA pull request was considered merged because the pull request's commits were merged into the target branch.
pull_request.mergeA pull request was merged. For more information, see "Merging a pull request."
pull_request.ready_for_reviewA pull request was marked as ready for review. For more information, see "Changing the stage of a pull request."
pull_request.remove_review_requestA review request was removed from a pull request. For more information, see "About pull request reviews."
pull_request.reopenA pull request was reopened after previously being closed.
pull_request_review.deleteA review on a pull request was deleted.
pull_request_review.dismissA review on a pull request was dismissed. For more information, see "Dismissing a pull request review."
pull_request_review.submitA review was submitted for a pull request. For more information, see "About pull request reviews."

pull_request_review category actions

ActionDescription
pull_request_review.deleteA review on a pull request was deleted.
pull_request_review.dismissA review on a pull request was dismissed. For more information, see "Dismissing a pull request review."
pull_request_review.submitA review on a pull request was submitted. For more information, see "Submitting your review."

pull_request_review_comment category actions

ActionDescription
pull_request_review_comment.createA review comment was added to a pull request. For more information, see "About pull request reviews."
pull_request_review_comment.deleteA review comment on a pull request was deleted.
pull_request_review_comment.updateA review comment on a pull request was changed.

repo category actions

ActionDescription
repo.accessThe visibility of a repository changed to private, public, or internal.
repo.actions_enabledGitHub Actions was enabled for a repository.
repo.add_memberA collaborator was added to a repository.
repo.add_topicA topic was added to a repository.
repo.advanced_security_disabledGitHub Advanced Security was disabled for a repository.
repo.advanced_security_enabledGitHub Advanced Security was enabled for a repository.
repo.advanced_security_policy_selected_member_disabledA repository administrator prevented GitHub Advanced Security features from being enabled for a repository.
repo.advanced_security_policy_selected_member_enabledA repository administrator allowed GitHub Advanced Security features to be enabled for a repository.
repo.archivedA repository was archived. For more information, see "Archiving a GitHub repository."
repo.code_scanning_analysis_deletedCode scanning analysis for a repository was deleted. For more information, see "Delete a code scanning analysis from a repository."
repo.change_merge_settingPull request merge options were changed for a repository.
repo.clear_actions_settingsA repository administrator cleared GitHub Actions policy settings for a repository.
repo.configA repository administrator blocked force pushes. For more information, see Blocking force pushes to a repository to a repository.
repo.config.disable_anonymous_git_accessAnonymous Git read access was disabled for a repository. For more information, see "Enabling anonymous Git read access for a repository."
repo.config.enable_anonymous_git_accessAnonymous Git read access was enabled for a repository. For more information, see "Enabling anonymous Git read access for a repository."
repo.config.lock_anonymous_git_accessA repository's anonymous Git read access setting was locked, preventing repository administrators from changing (enabling or disabling) this setting. For more information, see "Preventing users from changing anonymous Git read access."
repo.config.unlock_anonymous_git_accessA repository's anonymous Git read access setting was unlocked, allowing repository administrators to change (enable or disable) this setting. For more information, see "Preventing users from changing anonymous Git read access."
repo.createA repository was created.
repo.create_actions_secretA GitHub Actions secret was created for a repository. For more information, see "Creating encrypted secrets for a repository."
repo.create_integration_secretA Dependabot integration secret was created for a repository.
repo.destroyA repository was deleted.
repo.disk_archiveA repository was archived on disk. For more information, see "Archiving repositories."
repo.download_zipA source code archive of a repository was downloaded as a ZIP file.
repo.pages_cnameA GitHub Pages custom domain was modified in a repository.
repo.pages_createA GitHub Pages site was created.
repo.pages_destroyA GitHub Pages site was deleted.
repo.pages_https_redirect_disabledHTTPS redirects were disabled for a GitHub Pages site.
repo.pages_https_redirect_enabledHTTPS redirects were enabled for a GitHub Pages site.
repo.pages_sourceA GitHub Pages source was modified.
repo.pages_privateA GitHub Pages site visibility was changed to private.
repo.pages_publicA GitHub Pages site visibility was changed to public.
repo.register_self_hosted_runnerA new self-hosted runner was registered. For more information, see "Adding a self-hosted runner to a repository."
repo.remove_self_hosted_runnerA self-hosted runner was removed. For more information, see "Removing a runner from a repository."
repo.remove_actions_secretA GitHub Actions secret was deleted for a repository.
repo.remove_integration_secretA Dependabot integration secret was deleted for a repository.
repo.remove_memberA collaborator was removed from a repository.
repo.remove_topicA topic was removed from a repository.
repo.renameA repository was renamed.
repo.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs in a repository was changed. For more information, see "Configuring the retention period for GitHub Actions artifacts and logs in your repository."
repo.self_hosted_runner_onlineThe runner application was started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Checking the status of a self-hosted runner."
repo.self_hosted_runner_offlineThe runner application was stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "Checking the status of a self-hosted runner."
repo.self_hosted_runner_updatedThe runner application was updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "About self-hosted runners."
repo.staff_unlockAn enterprise administrator or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
repo.transferA user accepted a request to receive a transferred repository.
repo.transfer_outgoingA repository was transferred to another repository network.
repo.transfer_startA user sent a request to transfer a repository to another user or organization.
repo.unarchivedA repository was unarchived. For more information, see "Archiving a GitHub repository."
repo.update_actions_settingsA repository administrator changed GitHub Actions policy settings for a repository.
repo.update_actions_secretA GitHub Actions secret was updated.
repo.update_actions_access_settingsThe setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
repo.update_default_branchThe default branch for a repository was changed.
repo.update_integration_secretA Dependabot or GitHub Codespaces integration secret was updated for a repository.
repo.update_memberA user's permission to a repository was changed.

repository_image category actions

ActionDescription
repository_image.createAn image to represent a repository was uploaded.
repository_image.destroyAn image to represent a repository was deleted.

repository_invitation category actions

ActionDescription
repository_invitation.acceptAn invitation to join a repository was accepted.
repository_invitation.cancelAn invitation to join a repository was canceled.
repository_invitation.createAn invitation to join a repository was sent.
repository_invitation.rejectAn invitation to join a repository was declined.

repository_projects_change category actions

ActionDescription
repository_projects_change.clearThe repository projects policy was removed for an organization, or all organizations in the enterprise. Organization admins can now control their repository projects settings. For more information, see "Enforcing policies for projects in your enterprise."
repository_projects_change.disableRepository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.
repository_projects_change.enableRepository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise.

repository_secret_scanning category actions

ActionDescription
repository_secret_scanning.disableA repository owner or administrator disabled secret scanning for a repository. For more information, see "About secret scanning."
repository_secret_scanning.enableA repository owner or administrator enabled secret scanning for a repository.

repository_visibility_change category actions

ActionDescription
repository_visibility_change.clearThe repository visibility change setting was cleared for an organization or enterprise. For more information, see "Restricting repository visibility changes in your organization" and "Enforcing a policy for changes to repository visibility for an enterprise."
repository_visibility_change.disableThe ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.
repository_visibility_change.enableThe ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.

repository_vulnerability_alert category actions

ActionDescription
repository_vulnerability_alert.createGitHub Enterprise Server created a Dependabot alert for a repository that uses an insecure dependency. For more information, see "About Dependabot alerts."
repository_vulnerability_alert.dismissAn organization owner or repository administrator dismissed a Dependabot alert about a vulnerable dependency.
repository_vulnerability_alert.resolveSomeone with write access to a repository pushed changes to update and resolve a Dependabot alert in a project dependency.

required_status_check category actions

ActionDescription
required_status_check.createA status check was marked as required for a protected branch. For more information, see "Require status checks before merging."
required_status_check.destroyA status check was no longer marked as required for a protected branch. For more information, see "Require status checks before merging."

restrict_notification_delivery category actions

ActionDescription
restrict_notification_delivery.enableEmail notification restrictions for an organization or enterprise were enabled. For more information, see "Restricting email notifications for your organization" and "Restricting email notifications for your enterprise."
restrict_notification_delivery.disableEmail notification restrictions for an organization or enterprise were disabled. For more information, see "Restricting email notifications for your organization" and "Restricting email notifications for your enterprise."

secret_scanning category actions

ActionDescription
secret_scanning.disableAn organization owner disabled secret scanning for all existing repositories. For more information, see "About secret scanning."
secret_scanning.enableAn organization owner enabled secret scanning for all existing repositories.

secret_scanning_new_repos category actions

ActionDescription
secret_scanning_new_repos.disableAn organization owner disabled secret scanning for all new repositories. For more information, see "About secret scanning."
secret_scanning_new_repos.enableAn organization owner enabled secret scanning for all new repositories.

security_key category actions

ActionDescription
security_key.registerA security key was registered for an account.
security_key.removeA security key was removed from an account.

ssh_certificate_authority category actions

ActionDescription
ssh_certificate_authority.createAn SSH certificate authority for an organization or enterprise was created. For more information, see "Managing your organization's SSH certificate authorities" and "Managing SSH certificate authorities for your enterprise."
ssh_certificate_authority.destroyAn SSH certificate authority for an organization or enterprise was deleted. For more information, see "Managing your organization's SSH certificate authorities" and "Managing SSH certificate authorities for your enterprise."

ssh_certificate_requirement category actions

ActionDescription
ssh_certificate_requirement.enableThe requirement for members to use SSH certificates to access an organization resources was enabled. For more information, see "Managing your organization's SSH certificate authorities" and "Managing SSH certificate authorities for your enterprise."
ssh_certificate_requirement.disableThe requirement for members to use SSH certificates to access an organization resources was disabled. For more information, see "Managing your organization's SSH certificate authorities" and "Managing SSH certificate authorities for your enterprise."

staff category actions

ActionDescription
staff.disable_repoAn organization, repository or site administrator disabled access to a repository and all of its forks.
staff.enable_repoAn organization, repository or site administrator re-enabled access to a repository and all of its forks.
staff.exit_fake_loginAn enterprise owner or site administrator ended an impersonation session on GitHub Enterprise Server.
staff.fake_loginAn enterprise owner or site administrator signed into GitHub Enterprise Server as another user.
staff.repo_lockAn organization, repository or site administrator locked (temporarily gained full access to) a user's private repository.
staff.repo_unlockAn organization, repository or site administrator unlocked (ended their temporary access to) a user's private repository.
staff.search_audit_logA site administrator performed a search of the site admin audit log.
staff.set_domain_token_expirationA site administrator or GitHub staff set the verification code expiry time for an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise."
staff.unlockA site administrator unlocked (temporarily gained full access to) all of a user's private repositories.
staff.unverify_domainA site administrator or GitHub staff unverified an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise."
staff.verify_domainA site administrator or GitHub staff verified an organization or enterprise domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise."
staff.view_audit_logA site administrator viewed the site admin audit log.

team category actions

ActionDescription
team.add_memberA member of an organization was added to a team. For more information, see "Adding organization members to a team."
team.add_repositoryA team was given access and permissions to a repository.
team.change_parent_teamA child team was created or a child team's parent was changed. For more information, see "Moving a team in your organization’s hierarchy."
team.change_privacyA team's privacy level was changed. For more information, see "Changing team visibility."
team.createA user account or repository was added to a team.
team.deleteA user account or repository was removed from a team.
team.destroyA team was deleted.
team.demote_maintainerA user was demoted from a team maintainer to a team member.
team.promote_maintainerA user was promoted from a team member to a team maintainer. For more information, see "Promoting an organization member to team maintainer."
team.remove_memberA member of an organization was removed from a team. For more information, see "Removing organization members from a team."
team.remove_repositoryA repository was no longer under a team's control.
team.renameA team's name was changed.
team.update_permissionA team's access was changed.
team.update_repository_permissionA team's permission to a repository was changed.

team_discussions category actions

ActionDescription
team_discussions.clearAn organization owner cleared the setting to allow team discussions for an organization or enterprise.
team_discussions.disableAn organization owner disabled team discussions for an organization. For more information, see "Disabling team discussions for your organization."
team_discussions.enableAn organization owner enabled team discussions for an organization.

two_factor_authentication category actions

ActionDescription
two_factor_authentication.disabledTwo-factor authentication was disabled for a user account.
two_factor_authentication.enabledTwo-factor authentication was enabled for a user account.
two_factor_authentication.password_reset_fallback_smsA one-time password code was sent to a user account fallback phone number.
two_factor_authentication.recovery_codes_regeneratedTwo factor recovery codes were regenerated for a user account.
two_factor_authentication.sign_in_fallback_smsA one-time password code was sent to a user account fallback phone number.
two_factor_authentication.update_fallbackThe two-factor authentication fallback for a user account was changed.

user category actions

ActionDescription
user.add_emailAn email address was added to a user account.
user.async_deleteAn asynchronous job was started to destroy a user account, eventually triggering a user.delete event.
user.audit_log_exportAudit log entries were exported.
user.block_userA user was blocked by another user or a site administrator.
user.change_passwordA user changed his or her password.
user.createA new user account was created.
user.creation_rate_limit_exceededThe rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.
user.deleteA user account was destroyed by an asynchronous job.
user.demoteA site administrator was demoted to an ordinary user account.
user.destroyA user deleted his or her account, triggering user.async_delete.
user.failed_loginA user tries to sign in with an incorrect username, password, or two-factor authentication code.
user.flag_as_large_scale_contributorA user account was flagged as a large scale contributor. Only contributions from public repositories the user owns will be shown in their contribution graph, in order to prevent timeouts.
user.forgot_passwordA user requested a password reset via the sign-in page.
user.hide_private_contributions_countA user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden. For more information, see "Publicizing or hiding your private contributions on your profile."
user.lockoutA user was locked out of their account.
user.loginA user signed in.
user.mandatory_message_viewedA user viewed a mandatory message. For more information see "Customizing user messages for your enterprise" for details."
user.minimize_commentA comment made by a user was minimized.
user.promoteAn ordinary user account was promoted to a site administrator.
user.recreateA user's account was restored.
user.remove_emailAn email address was removed from a user account.
user.remove_large_scale_contributor_flagA user account was no longer flagged as a large scale contributor.
user.renameA username was changed.
user.reset_passwordA user reset their account password.
user.show_private_contributions_countA user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown. For more information, see "Publicizing or hiding your private contributions on your profile."
user.sign_in_from_unrecognized_deviceA user signed in from an unrecognized device.
user.sign_in_from_unrecognized_device_and_locationA user signed in from an unrecognized device and location.
user.sign_in_from_unrecognized_locationA user signed in from an unrecognized location.
user.suspendA user account was suspended by an enterprise owner or site administrator.
user.two_factor_challenge_failureA 2FA challenge issued for a user account failed.
user.two_factor_challenge_successA 2FA challenge issued for a user account succeeded.
user.two_factor_recoverA user used their 2FA recovery codes.
user.two_factor_recovery_codes_downloadedA user downloaded 2FA recovery codes for their account.
user.two_factor_recovery_codes_printedA user printed 2FA recovery codes for their account.
user.two_factor_recovery_codes_viewedA user viewed 2FA recovery codes for their account.
user.two_factor_requestedA user was prompted for a two-factor authentication code.
user.unblock_userA user was unblocked another user or a site administrator.
user.unminimize_commentA comment made by a user was unminimized.
user.unsuspendA user account was unsuspended by an enterprise owner or site administrator.

user_license category actions

ActionDescription
user_license.createA seat license for a user in an enterprise was created.
user_license.destroyA seat license for a user in an enterprise was deleted.
user_license.updateA seat license type for a user in an enterprise was changed.

workflows category actions

ActionDescription
workflows.approve_workflow_jobA workflow job was approved. For more information, see "Reviewing deployments."
workflows.cancel_workflow_runA workflow run was cancelled. For more information, see "Canceling a workflow."
workflows.delete_workflow_runA workflow run was deleted. For more information, see "Deleting a workflow run."
workflows.disable_workflowA workflow was disabled.
workflows.enable_workflowA workflow was enabled, after previously being disabled by disable_workflow.
workflows.reject_workflow_jobA workflow job was rejected. For more information, see "Reviewing deployments."
workflows.rerun_workflow_runA workflow run was re-run. For more information, see "Re-running a workflow."
workflows.completed_workflow_runA workflow status changed to completed. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "Viewing workflow run history.
workflows.created_workflow_runA workflow run was created. Can only be viewed using the REST API; not visible in the UI or the JSON/CSV export. For more information, see "Create an example workflow."
workflows.prepared_workflow_jobA workflow job was started. Includes the list of secrets that were provided to the job. Can only be viewed using the REST API. It is not visible in the GitHub web interface or included in the JSON/CSV export. For more information, see "Events that trigger workflows."