Note
- This article contains the events that may appear in your organization's audit log. For the events that can appear in a user account's security log, see "Security log events."
- Webhooks might be a good alternative to the audit log or API polling for certain use cases. Webhooks are a way for GitHub to notify your server when specific events occur for a repository, organization, or enterprise. Compared to the API or searching the audit log, webhooks can be more efficient if you just want to learn and possibly log when certain events occur on your enterprise, organization, or repository. See "Webhooks documentation."
About audit log events for your organization
The name for each audit log entry is composed of a category of events, followed by an operation type. For example, the repo.create
entry refers to the create
operation on the repo
category. The reference information in this article is grouped by categories.
account
Action | Description |
---|---|
account.plan_change | The account's plan changed. |
actions_cache
Action | Description |
---|---|
actions_cache.delete | A GitHub Actions cache was deleted using the REST API. |
advisory_credit
Action | Description |
---|---|
advisory_credit.accept | Credit was accepted for a security advisory. |
advisory_credit.create | Someone was added to the credit section of a security advisory. |
advisory_credit.decline | Credit was declined for a security advisory. |
advisory_credit.destroy | Someone was removed from the credit section of a security advisory. |
artifact
Action | Description |
---|---|
artifact.destroy | A workflow run artifact was manually deleted. |
auto_approve_personal_access_token_requests
Action | Description |
---|---|
auto_approve_personal_access_token_requests.disable | Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled |
auto_approve_personal_access_token_requests.enable | Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled |
billing
Action | Description |
---|---|
billing.change_billing_type | The way the account pays for GitHub was changed. |
billing.change_email | The billing email address changed. |
checks
Action | Description |
---|---|
checks.auto_trigger_disabled | Automatic creation of check suites was disabled on a repository in the organization or enterprise. |
checks.auto_trigger_enabled | Automatic creation of check suites was enabled on a repository in the organization or enterprise. |
checks.delete_logs | Logs in a check suite were deleted. |
codespaces
Action | Description |
---|---|
codespaces.allow_permissions | A codespace using custom permissions from its devcontainer.json file was launched. |
codespaces.attempted_to_create_from_prebuild | An attempt to create a codespace from a prebuild was made. |
codespaces.business_enablement_updated | Enterprise setting for Codespaces ownership was updated. |
codespaces.connect | Credentials for a codespace were refreshed. |
codespaces.create | A codespace was created |
codespaces.destroy | A user deleted a codespace. |
codespaces.export_environment | A codespace was exported to a branch on GitHub. |
codespaces.policy_group_created | Policies were applied to codespaces in an organization or enterprise. |
codespaces.policy_group_deleted | Policies were removed from codespaces in an organization or enterprise. |
codespaces.policy_group_updated | Policies were updated for codespaces in an organization or enterprise. |
codespaces.restore | A codespace was restored. |
codespaces.start_environment | A codespace was started. |
codespaces.suspend_environment | A codespace was stopped. |
codespaces.trusted_repositories_access_update | A personal account's access and security setting for Codespaces were updated. |
commit_comment
Action | Description |
---|---|
commit_comment.destroy | A commit comment was deleted. |
commit_comment.update | A commit comment was updated. |
copilot
Action | Description |
---|---|
copilot.access_revoked | Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended. |
copilot.cfb_org_settings_changed | Copilot feature settings were changed at the organization level. |
copilot.cfb_seat_added | A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members. |
copilot.cfb_seat_assignment_created | A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created. |
copilot.cfb_seat_assignment_refreshed | A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot. |
copilot.cfb_seat_assignment_reused | A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot. |
copilot.cfb_seat_assignment_unassigned | A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle. |
copilot.cfb_seat_cancelled | A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot. |
copilot.cfb_seat_cancelled_by_staff | A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot. |
copilot.cfb_seat_management_changed | The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams. |
copilot.content_exclusion_changed | The excluded paths for GitHub Copilot were updated. |
copilot.knowledge_base_created | A knowledge base was created in the organization. |
copilot.knowledge_base_deleted | A knowledge base was deleted from the organization. |
copilot.knowledge_base_updated | A knowledge base was updated in the organization. |
copilot.plan_changed | The plan for GitHub Copilot was updated. |
copilot.plan_downgrade_scheduled | The plan for GitHub Copilot was scheduled to be downgraded. |
custom_property_definition
Action | Description |
---|---|
custom_property_definition.create | A new custom property definition was created. |
custom_property_definition.destroy | A custom property definition was deleted. |
custom_property_definition.update | A custom property definition was updated. |
custom_property_value
Action | Description |
---|---|
custom_property_value.create | A repository's custom property value was manually set for the first time. |
custom_property_value.destroy | A repository's custom property value was deleted. |
custom_property_value.update | A repository's custom property value was updated. |
dependabot_alerts
Action | Description |
---|---|
dependabot_alerts.disable | Dependabot alerts were disabled for all existing repositories. |
dependabot_alerts.enable | Dependabot alerts were enabled for all existing repositories. |
dependabot_alerts_new_repos
Action | Description |
---|---|
dependabot_alerts_new_repos.disable | Dependabot alerts were disabled for all new repositories. |
dependabot_alerts_new_repos.enable | Dependabot alerts were enabled for all new repositories. |
dependabot_repository_access
Action | Description |
---|---|
dependabot_repository_access.repositories_updated | The repositories that Dependabot can access were updated. |
dependabot_security_updates
Action | Description |
---|---|
dependabot_security_updates.disable | Dependabot security updates were disabled for all existing repositories. |
dependabot_security_updates.enable | Dependabot security updates were enabled for all existing repositories. |
dependabot_security_updates_new_repos
Action | Description |
---|---|
dependabot_security_updates_new_repos.disable | Dependabot security updates were disabled for all new repositories. |
dependabot_security_updates_new_repos.enable | Dependabot security updates were enabled for all new repositories. |
dependency_graph
Action | Description |
---|---|
dependency_graph.disable | The dependency graph was disabled for all existing repositories. |
dependency_graph.enable | The dependency graph was enabled for all existing repositories. |
dependency_graph_new_repos
Action | Description |
---|---|
dependency_graph_new_repos.disable | The dependency graph was disabled for all new repositories. |
dependency_graph_new_repos.enable | The dependency graph was enabled for all new repositories. |
discussion_post
Action | Description |
---|---|
discussion_post.destroy | Triggered when a team discussion post is deleted. |
discussion_post.update | Triggered when a team discussion post is edited. |
discussion_post_reply
Action | Description |
---|---|
discussion_post_reply.destroy | Triggered when a reply to a team discussion post is deleted. |
discussion_post_reply.update | Triggered when a reply to a team discussion post is edited. |
enterprise_installation
Action | Description |
---|---|
enterprise_installation.create | The GitHub App associated with a GitHub Connect connection was created. |
enterprise_installation.destroy | The GitHub App associated with a GitHub Connect connection was deleted. |
environment
Action | Description |
---|---|
environment.add_protection_rule | A GitHub Actions deployment protection rule was created via the API. |
environment.create_actions_secret | A secret was created for a GitHub Actions environment. |
environment.create_actions_variable | A variable was created for a GitHub Actions environment. |
environment.delete | An environment was deleted. |
environment.remove_actions_secret | A secret was deleted for a GitHub Actions environment. |
environment.remove_actions_variable | A variable was deleted for a GitHub Actions environment. |
environment.remove_protection_rule | A GitHub Actions deployment protection rule was deleted via the API. |
environment.update_actions_secret | A secret was updated for a GitHub Actions environment. |
environment.update_actions_variable | A variable was updated for a GitHub Actions environment. |
environment.update_protection_rule | A GitHub Actions deployment protection rule was updated via the API. |
git
Action | Description |
---|---|
git.clone | A repository was cloned. |
git.fetch | Changes were fetched from a repository. |
git.push | Changes were pushed to a repository. |
hook
Action | Description |
---|---|
hook.active_changed | A hook's active status was updated. |
hook.config_changed | A hook's configuration was changed. |
hook.create | A new hook was added. |
hook.destroy | A hook was deleted. |
hook.events_changed | A hook's configured events were changed. |
integration
Action | Description |
---|---|
integration.create | A GitHub App was created. |
integration.destroy | A GitHub App was deleted. |
integration.manager_added | A member of an enterprise or organization was added as a GitHub App manager. |
integration.manager_removed | A member of an enterprise or organization was removed from being a GitHub App manager. |
integration.remove_client_secret | A client secret for a GitHub App was removed. |
integration.revoke_all_tokens | All user tokens for a GitHub App were requested to be revoked. |
integration.revoke_tokens | Token(s) for a GitHub App were revoked. |
integration.suspend | A GitHub App was suspended. |
integration.transfer | Ownership of a GitHub App was transferred to another user or organization. |
integration.unsuspend | A GitHub App was unsuspended. |
integration_installation
Action | Description |
---|---|
integration_installation.create | A GitHub App was installed. |
integration_installation.destroy | A GitHub App was uninstalled. |
integration_installation.repositories_added | Repositories were added to a GitHub App. |
integration_installation.repositories_removed | Repositories were removed from a GitHub App. |
integration_installation.suspend | A GitHub App was suspended. |
integration_installation.unsuspend | A GitHub App was unsuspended. |
integration_installation.version_updated | Permissions for a GitHub App were updated. |
integration_installation_request
Action | Description |
---|---|
integration_installation_request.close | A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request. |
integration_installation_request.create | A member requested that an owner install a GitHub App. |
ip_allow_list
Action | Description |
---|---|
ip_allow_list.disable | An IP allow list was disabled. |
ip_allow_list.disable_for_installed_apps | An IP allow list was disabled for installed GitHub Apps. |
ip_allow_list.enable | An IP allow list was enabled. |
ip_allow_list.enable_for_installed_apps | An IP allow list was enabled for installed GitHub Apps. |
ip_allow_list_entry
Action | Description |
---|---|
ip_allow_list_entry.create | An IP address was added to an IP allow list. |
ip_allow_list_entry.destroy | An IP address was deleted from an IP allow list. |
ip_allow_list_entry.update | An IP address or its description was changed. |
issue_comment
Action | Description |
---|---|
issue_comment.destroy | A comment on an issue was deleted from the repository. |
issue_comment.update | A comment on an issue (other than the initial one) changed. |
issue
Action | Description |
---|---|
issue.destroy | An issue was deleted from the repository. |
issue.pinned | An issue was pinned to a repository. |
issue.transfer | An issue was transferred to another repository. |
issue.unpinned | An issue was unpinned from a repository. |
issues
Action | Description |
---|---|
issues.deletes_disabled | The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise. |
issues.deletes_enabled | The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise. |
issues.deletes_policy_cleared | An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise. |
marketplace_agreement_signature
Action | Description |
---|---|
marketplace_agreement_signature.create | The GitHub Marketplace Developer Agreement was signed. |
marketplace_listing
Action | Description |
---|---|
marketplace_listing.approve | A listing was approved for inclusion in GitHub Marketplace. |
marketplace_listing.change_category | A category for a listing for an app in GitHub Marketplace was changed. |
marketplace_listing.create | A listing for an app in GitHub Marketplace was created. |
marketplace_listing.delist | A listing was removed from GitHub Marketplace. |
marketplace_listing.redraft | A listing was sent back to draft state. |
marketplace_listing.reject | A listing was not accepted for inclusion in GitHub Marketplace. |
members_can_create_pages
Action | Description |
---|---|
members_can_create_pages.disable | The ability for members to publish GitHub Pages sites was disabled. |
members_can_create_pages.enable | The ability for members to publish GitHub Pages sites was enabled. |
members_can_create_private_pages
Action | Description |
---|---|
members_can_create_private_pages.disable | The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization. |
members_can_create_private_pages.enable | The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization. |
members_can_create_public_pages
Action | Description |
---|---|
members_can_create_public_pages.disable | The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization. |
members_can_create_public_pages.enable | The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization. |
members_can_delete_repos
Action | Description |
---|---|
members_can_delete_repos.clear | An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise. |
members_can_delete_repos.disable | The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise. |
members_can_delete_repos.enable | The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise. |
members_can_view_dependency_insights
Action | Description |
---|---|
members_can_view_dependency_insights.clear | An enterprise owner cleared the policy setting for viewing dependency insights in any organizations in an enterprise. |
members_can_view_dependency_insights.disable | The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise. |
members_can_view_dependency_insights.enable | The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise. |
migration
Action | Description |
---|---|
migration.create | A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance. |
migration.destroy_file | A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted. |
migration.download | A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded. |
network_configuration
Action | Description |
---|---|
network_configuration.create | A network configuration for a hosted compute service was created. |
network_configuration.delete | A network configuration for a hosted compute service was deleted. |
network_configuration.update | A network configuration for a hosted compute service was updated. |
oauth_application
Action | Description |
---|---|
oauth_application.create | An OAuth application was created. |
oauth_application.destroy | An OAuth application was deleted. |
oauth_application.generate_client_secret | An OAuth application's secret key was generated. |
oauth_application.remove_client_secret | An OAuth application's secret key was deleted. |
oauth_application.reset_secret | The secret key for an OAuth application was reset. |
oauth_application.revoke_all_tokens | All user tokens for an OAuth application were requested to be revoked. |
oauth_application.revoke_tokens | Token(s) for an OAuth application were revoked. |
oauth_application.transfer | An OAuth application was transferred from one account to another. |
org
Action | Description |
---|---|
org.accept_business_invitation | An invitation sent to an organization to join an enterprise was accepted. |
org.add_billing_manager | A billing manager was added to an organization. |
org.add_member | A user joined an organization. |
org.add_outside_collaborator | An outside collaborator was added to a repository. |
org.advanced_security_disabled_for_new_repos | GitHub Advanced Security was disabled for new repositories in an organization. |
org.advanced_security_disabled_on_all_repos | GitHub Advanced Security was disabled for all repositories in an organization. |
org.advanced_security_enabled_for_new_repos | GitHub Advanced Security was enabled for new repositories in an organization. |
org.advanced_security_enabled_on_all_repos | GitHub Advanced Security was enabled for all repositories in an organization. |
org.advanced_security_policy_selected_member_disabled | An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization. |
org.advanced_security_policy_selected_member_enabled | An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization. |
org.allow_third_party_access_requests_from_outside_collaborators_disabled | Third-party application access for outside collaborators was disabled for the organization. |
org.allow_third_party_access_requests_from_outside_collaborators_enabled | Third-party application access for outside collaborators was enabled for the organization. |
org.archive | The organization was archived. |
org.audit_log_export | An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query. |
org.audit_log_git_event_export | An export of the organization's Git events was created. |
org.block_user | An organization owner blocked a user from accessing the organization's repositories. |
org.cancel_business_invitation | An invitation for an organization to join an enterprise was revoked |
org.cancel_invitation | An invitation sent to a user to join an organization was revoked. |
org.code_scanning_autofix_disabled | Autofix for code scanning alerts was disabled for an organization. |
org.code_scanning_autofix_enabled | Autofix for code scanning alerts was enabled for an organization. |
org.code_scanning_autofix_third_party_tools_disabled | Autofix for third party tools for code scanning alerts was disabled for an organization. |
org.code_scanning_autofix_third_party_tools_enabled | Autofix for third party tools for code scanning alerts was enabled for an organization. |
org.codeql_disabled | Code scanning using the default setup was disabled for an organization. |
org.codeql_enabled | Code scanning using the default setup was enabled for an organization. |
org.codespaces_access_updated | Access to use Codespaces on internal and private repositories was updated for an organization. |
org.codespaces_ownership_updated | Ownership and payment for codespaces was updated for an organization. |
org.codespaces_team_access_allowed | A team has been allowed to use Codespaces for an organization. |
org.codespaces_team_access_revoked | A team has been prevented from using Codespaces for an organization. |
org.codespaces_trusted_repo_access_granted | GitHub Codespaces was granted trusted repository access to all other repositories in an organization. |
org.codespaces_trusted_repo_access_revoked | GitHub Codespaces trusted repository access to all other repositories in an organization was revoked. |
org.codespaces_user_access_allowed | A user has been allowed to use Codespaces for an organization. |
org.codespaces_user_access_revoked | A user has been prevented from using Codespaces for an organization. |
org.config.disable_collaborators_only | The interaction limit for collaborators only for an organization was disabled. |
org.config.disable_contributors_only | The interaction limit for prior contributors only for an organization was disabled. |
org.config.disable_sockpuppet_disallowed | The interaction limit for existing users only for an organization was disabled. |
org.config.enable_collaborators_only | The interaction limit for collaborators only for an organization was enabled. |
org.config.enable_contributors_only | The interaction limit for prior contributors only for an organization was enabled. |
org.config.enable_sockpuppet_disallowed | The interaction limit for existing users only for an organization was enabled. |
org.confirm_business_invitation | An invitation for an organization to join an enterprise was confirmed. |
org.connect_usage_metrics_export | Server statistics were exported for the organization. |
org.create | An organization was created. |
org.create_actions_secret | A GitHub Actions secret was created for an organization. |
org.create_actions_variable | A GitHub Actions variable was created for an organization. |
org.create_integration_secret | A Codespaces or Dependabot secret was created for an organization. |
org.delete | An organization was deleted by a user or staff. |
org.disable_member_team_creation_permission | Team creation was limited to owners. |
org.disable_oauth_app_restrictions | Third-party application access restrictions for an organization were disabled. |
org.disable_reader_discussion_creation_permission | An organization owner limited discussion creation to users with at least triage permission in an organization. |
org.disable_saml | SAML single sign-on was disabled for an organization. |
org.disable_source_ip_disclosure | Display of IP addresses within audit log events for the organization was disabled. |
org.disable_two_factor_requirement | A two-factor authentication requirement was disabled for the organization. |
org.display_commenter_full_name_disabled | An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name. |
org.display_commenter_full_name_enabled | An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name. |
org.enable_member_team_creation_permission | Team creation by members was allowed. |
org.enable_oauth_app_restrictions | Third-party application access restrictions for an organization were enabled. |
org.enable_reader_discussion_creation_permission | An organization owner allowed users with read access to create discussions in an organization |
org.enable_saml | SAML single sign-on was enabled for the organization. |
org.enable_source_ip_disclosure | Display of IP addresses within audit log events for the organization was enabled. |
org.enable_two_factor_requirement | Two-factor authentication is now required for the organization. |
org.integration_manager_added | An organization owner granted a member access to manage all GitHub Apps owned by an organization. |
org.integration_manager_removed | An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member. |
org.invite_member | A new user was invited to join an organization. |
org.invite_to_business | An organization was invited to join an enterprise. |
org.members_can_update_protected_branches.disable | The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches. |
org.members_can_update_protected_branches.enable | The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches. |
org.oauth_app_access_approved | Access to an organization was granted for an OAuth App. |
org.oauth_app_access_denied | Access was disabled for an OAuth App that was previously approved. |
org.oauth_app_access_requested | An organization member requested that an owner grant an OAuth App access to an organization. |
org.recovery_code_failed | An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code. |
org.recovery_code_used | An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code. |
org.recovery_codes_downloaded | An organization owner downloaded the organization's SSO recovery codes. |
org.recovery_codes_generated | An organization owner generated the organization's SSO recovery codes. |
org.recovery_codes_printed | An organization owner printed the organization's SSO recovery codes. |
org.recovery_codes_viewed | An organization owner viewed the organization's SSO recovery codes. |
org.register_self_hosted_runner | A new self-hosted runner was registered. |
org.remove_actions_secret | A GitHub Actions secret was removed from an organization. |
org.remove_actions_variable | A GitHub Actions variable was removed from an organization. |
org.remove_billing_manager | A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement. |
org.remove_integration_secret | A Codespaces or Dependabot secret was removed from an organization. |
org.remove_member | A member was removed from an organization, either manually or due to a two-factor authentication requirement. |
org.remove_outside_collaborator | An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement. |
org.remove_self_hosted_runner | A self-hosted runner was removed. |
org.rename | An organization was renamed. |
org.required_workflow_create | Triggered when a required workflow is created. |
org.required_workflow_delete | Triggered when a required workflow is deleted. |
org.required_workflow_update | Triggered when a required workflow is updated. |
org.restore_member | An organization member was restored. |
org.revoke_external_identity | A member's linked identity was revoked. |
org.revoke_sso_session | A member's SAML session was revoked. |
org.runner_group_created | A self-hosted runner group was created. |
org.runner_group_removed | A self-hosted runner group was removed. |
org.runner_group_renamed | A self-hosted runner group was renamed. |
org.runner_group_runner_removed | The REST API was used to remove a self-hosted runner from a group. |
org.runner_group_runners_added | A self-hosted runner was added to a group. |
org.runner_group_runners_updated | A runner group's list of members was updated. |
org.runner_group_updated | The configuration of a self-hosted runner group was changed. |
org.runner_group_visiblity_updated | The visibility of a self-hosted runner group was updated via the REST API. |
org.secret_scanning_custom_pattern_push_protection_disabled | Push protection for a custom pattern for secret scanning was disabled for an organization. |
org.secret_scanning_custom_pattern_push_protection_enabled | Push protection for a custom pattern for secret scanning was enabled for an organization. |
org.secret_scanning_push_protection_custom_message_disabled | The custom message triggered by an attempted push to a push-protected repository was disabled for an organization. |
org.secret_scanning_push_protection_custom_message_enabled | The custom message triggered by an attempted push to a push-protected repository was enabled for an organization. |
org.secret_scanning_push_protection_custom_message_updated | The custom message triggered by an attempted push to a push-protected repository was updated for an organization. |
org.secret_scanning_push_protection_disable | Push protection for secret scanning was disabled. |
org.secret_scanning_push_protection_enable | Push protection for secret scanning was enabled. |
org.secret_scanning_push_protection_new_repos_disable | Push protection for secret scanning was disabled for all new repositories in the organization. |
org.secret_scanning_push_protection_new_repos_enable | Push protection for secret scanning was enabled for all new repositories in the organization. |
org.security_center_export_code_scanning_metrics | A CSV export was requested on the CodeQL pull request alerts page. |
org.security_center_export_coverage | A CSV export was requested on the Coverage page. |
org.security_center_export_overview_dashboard | A CSV export was requested on the Overview Dashboard page. |
org.security_center_export_risk | A CSV export was requested on the Risk page. |
org.self_hosted_runner_offline | The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports. |
org.self_hosted_runner_online | The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports. |
org.self_hosted_runner_updated | The runner application was updated. This event is not included in the JSON/CSV export. |
org.set_actions_fork_pr_approvals_policy | The setting for requiring approvals for workflows from public forks was changed for an organization. |
org.set_actions_private_fork_pr_approvals_policy | The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization. |
org.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs in an organization was changed. |
org.set_default_workflow_permissions | The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization. |
org.set_fork_pr_workflows_policy | The policy for workflows on private repository forks was changed. |
org.set_workflow_permission_can_approve_pr | The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization. |
org.sso_response | A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports. |
org.transfer | An organization was transferred between enterprise accounts. |
org.transfer_outgoing | An organization was transferred between enterprise accounts. |
org.unarchive | The organization was unarchived. |
org.unblock_user | A user was unblocked from an organization. |
org.update_actions_secret | A GitHub Actions secret was updated for an organization. |
org.update_actions_settings | An organization owner or site administrator updated GitHub Actions policy settings for an organization. |
org.update_actions_variable | A GitHub Actions variable was updated for an organization. |
org.update_default_repository_permission | The default repository permission level for organization members was changed. |
org.update_integration_secret | A Codespaces or Dependabot secret was updated for an organization. |
org.update_member | A person's role was changed from owner to member or member to owner. |
org.update_member_repository_creation_permission | The create repository permission for organization members was changed. |
org.update_member_repository_invitation_permission | An organization owner changed the policy setting for organization members inviting outside collaborators to repositories. |
org.update_new_repository_default_branch_setting | The name of the default branch was changed for new repositories in the organization. |
org.update_saml_provider_settings | An organization's SAML provider settings were updated. |
org.update_terms_of_service | An organization changed between the Standard Terms of Service and the GitHub Customer Agreement. |
org_credential_authorization
Action | Description |
---|---|
org_credential_authorization.deauthorize | A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization. |
org_credential_authorization.grant | A member authorized credentials for use with SAML or OIDC single sign-on. |
org_credential_authorization.revoke | An owner revoked authorized credentials. |
org_secret_scanning_automatic_validity_checks
Action | Description |
---|---|
org_secret_scanning_automatic_validity_checks.disabled | Automatic partner validation checks have been disabled at the organization level |
org_secret_scanning_automatic_validity_checks.enabled | Automatic partner validation checks have been enabled at the organization level |
org_secret_scanning_custom_pattern
Action | Description |
---|---|
org_secret_scanning_custom_pattern.create | A custom pattern was created for secret scanning in an organization. |
org_secret_scanning_custom_pattern.delete | A custom pattern was removed from secret scanning in an organization. |
org_secret_scanning_custom_pattern.publish | A custom pattern was published for secret scanning in an organization. |
org_secret_scanning_custom_pattern.update | Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization. |
org_secret_scanning_generic_secrets
Action | Description |
---|---|
org_secret_scanning_generic_secrets.disabled | Generic secrets have been disabled at the organization level |
org_secret_scanning_generic_secrets.enabled | Generic secrets have been enabled at the organization level |
org_secret_scanning_non_provider_patterns
Action | Description |
---|---|
org_secret_scanning_non_provider_patterns.disabled | Secret scanning for non-provider patterns was disabled at the organization level. |
org_secret_scanning_non_provider_patterns.enabled | Secret scanning for non-provider patterns was enabled at the organization level. |
org_secret_scanning_push_protection_bypass_list
Action | Description |
---|---|
org_secret_scanning_push_protection_bypass_list.add | A role or team was added to the push protection bypass list at the organization level. |
org_secret_scanning_push_protection_bypass_list.disable | Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the organization level. |
org_secret_scanning_push_protection_bypass_list.enable | Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the organization level. |
org_secret_scanning_push_protection_bypass_list.remove | A role or team was removed from the push protection bypass list at the organization level. |
organization_default_label
Action | Description |
---|---|
organization_default_label.create | A default label was created for repositories in an organization. |
organization_default_label.destroy | A default label was deleted for repositories in an organization. |
organization_default_label.update | A default label was edited for repositories in an organization. |
organization_domain
Action | Description |
---|---|
organization_domain.approve | A domain was approved for an organization. |
organization_domain.create | A domain was added to an organization. |
organization_domain.destroy | A domain was removed from an organization. |
organization_domain.verify | A domain was verified for an organization. |
organization_projects_change
Action | Description |
---|---|
organization_projects_change.clear | An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise. |
organization_projects_change.disable | Organization projects were disabled for all organizations in an enterprise. |
organization_projects_change.enable | Organization projects were enabled for all organizations in an enterprise. |
organization_role
Action | Description |
---|---|
organization_role.assign | An organization role was assigned to a user or team. |
organization_role.create | A custom organization role was created in an organization. |
organization_role.destroy | A custom organization role was deleted in an organization. |
organization_role.revoke | A user or team was unassigned an organization role. |
organization_role.update | A custom organization role was edited in an organization. |
organization_wide_project_base_role
Action | Description |
---|---|
organization_wide_project_base_role.update | An organization's default project base role was updated. |
packages
Action | Description |
---|---|
packages.package_deleted | An entire package was deleted. |
packages.package_published | A package was published or republished to an organization. |
packages.package_version_deleted | A specific package version was deleted. |
packages.package_version_published | A specific package version was published or republished to a package. |
pages_protected_domain
Action | Description |
---|---|
pages_protected_domain.create | A GitHub Pages verified domain was created for an organization or enterprise. |
pages_protected_domain.delete | A GitHub Pages verified domain was deleted from an organization or enterprise. |
pages_protected_domain.verify | A GitHub Pages domain was verified for an organization or enterprise. |
payment_method
Action | Description |
---|---|
payment_method.create | A new payment method was added, such as a new credit card or PayPal account. |
payment_method.remove | A payment method was removed. |
payment_method.update | An existing payment method was updated. |
personal_access_token
Action | Description |
---|---|
personal_access_token.access_granted | A fine-grained personal access token was granted access to resources. |
personal_access_token.access_revoked | A fine-grained personal access token was revoked. The token can still read public organization resources. |
personal_access_token.request_cancelled | A pending request for a fine-grained personal access token to access organization resources was canceled. |
personal_access_token.request_created | Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources. |
personal_access_token.request_denied | A request for a fine-grained personal access token to access organization resources was denied. |
prebuild_configuration
Action | Description |
---|---|
prebuild_configuration.create | A GitHub Codespaces prebuild configuration for a repository was created. |
prebuild_configuration.destroy | A GitHub Codespaces prebuild configuration for a repository was deleted. |
prebuild_configuration.run_triggered | A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch. |
prebuild_configuration.update | A GitHub Codespaces prebuild configuration for a repository was edited. |
private_repository_forking
Action | Description |
---|---|
private_repository_forking.clear | An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. |
private_repository_forking.disable | An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked. |
private_repository_forking.enable | An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked. |
profile_picture
Action | Description |
---|---|
profile_picture.update | A profile picture was updated. |
project
Action | Description |
---|---|
project.access | A project board visibility was changed. |
project.close | A project board was closed. |
project.create | A project board was created. |
project.delete | A project board was deleted. |
project.link | A repository was linked to a project board. |
project.open | A project board was reopened. |
project.rename | A project board was renamed. |
project.unlink | A repository was unlinked from a project board. |
project.update_org_permission | The project's base-level permission for all organization members was changed or removed. |
project.update_team_permission | A team's project board permission level was changed or when a team was added or removed from a project board. |
project.update_user_permission | A user was added to or removed from a project board or had their permission level changed. |
project.visibility_private | A project's visibility was changed from public to private. |
project.visibility_public | A project's visibility was changed from private to public. |
project_base_role
Action | Description |
---|---|
project_base_role.update | A project's base role was updated. |
project_collaborator
Action | Description |
---|---|
project_collaborator.add | A collaborator was added to a project. |
project_collaborator.remove | A collaborator was removed from a project. |
project_collaborator.update | A project collaborator's permission level was changed. |
project_field
Action | Description |
---|---|
project_field.create | A field was created in a project board. |
project_field.delete | A field was deleted in a project board. |
project_view
Action | Description |
---|---|
project_view.create | A view was created in a project board. |
project_view.delete | A view was deleted in a project board. |
protected_branch
Action | Description |
---|---|
protected_branch.authorized_users_teams | The users, teams, or integrations allowed to bypass a branch protection were changed. |
protected_branch.branch_allowances | A protected branch allowance was given to a specific user, team or integration. |
protected_branch.create | Branch protection was enabled on a branch. |
protected_branch.destroy | Branch protection was disabled on a branch. |
protected_branch.dismiss_stale_reviews | Enforcement of dismissing stale pull requests was updated on a branch. |
protected_branch.dismissal_restricted_users_teams | Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch. |
protected_branch.policy_override | A branch protection requirement was overridden by a repository administrator. |
protected_branch.rejected_ref_update | A branch update attempt was rejected. |
protected_branch.update_admin_enforced | Branch protection was enforced for repository administrators. |
protected_branch.update_allow_deletions_enforcement_level | Branch deletion was enabled or disabled for a protected branch. |
protected_branch.update_allow_force_pushes_enforcement_level | Force pushes were enabled or disabled for a branch. |
protected_branch.update_ignore_approvals_from_contributors | Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch. |
protected_branch.update_linear_history_requirement_enforcement_level | Required linear commit history was enabled or disabled for a branch. |
protected_branch.update_lock_allows_fetch_and_merge | Fork syncing was enabled or disabled for a read-only branch |
protected_branch.update_lock_branch_enforcement_level | The enforcement of a branch lock was updated. |
protected_branch.update_merge_queue_enforcement_level | Enforcement of the merge queue was modified for a branch. |
protected_branch.update_name | A branch name pattern was updated for a branch. |
protected_branch.update_pull_request_reviews_enforcement_level | Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone). |
protected_branch.update_require_code_owner_review | Enforcement of required code owner review was updated for a branch. |
protected_branch.update_require_last_push_approval | Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch. |
protected_branch.update_required_approving_review_count | Enforcement of the required number of approvals before merging was updated on a branch. |
protected_branch.update_required_status_checks_enforcement_level | Enforcement of required status checks was updated for a branch. |
protected_branch.update_signature_requirement_enforcement_level | Enforcement of required commit signing was updated for a branch. |
protected_branch.update_strict_required_status_checks_policy | Enforcement of required status checks was updated for a branch. |
public_key
Action | Description |
---|---|
public_key.create | An SSH key was added to a user account or a deploy key was added to a repository. |
public_key.delete | An SSH key was removed from a user account or a deploy key was removed from a repository. |
public_key.unverification_failure | A user account's SSH key or a repository's deploy key was unable to be unverified. |
public_key.unverify | A user account's SSH key or a repository's deploy key was unverified. |
public_key.update | A user account's SSH key or a repository's deploy key was updated. |
public_key.verification_failure | A user account's SSH key or a repository's deploy key was unable to be verified. |
public_key.verify | A user account's SSH key or a repository's deploy key was verified. |
pull_request
Action | Description |
---|---|
pull_request.close | A pull request was closed without being merged. |
pull_request.converted_to_draft | A pull request was converted to a draft. |
pull_request.create | A pull request was created. |
pull_request.create_review_request | A review was requested on a pull request. |
pull_request.in_progress | A pull request was marked as in progress. |
pull_request.indirect_merge | A pull request was considered merged because the pull request's commits were merged into the target branch. |
pull_request.merge | A pull request was merged. |
pull_request.ready_for_review | A pull request was marked as ready for review. |
pull_request.remove_review_request | A review request was removed from a pull request. |
pull_request.reopen | A pull request was reopened after previously being closed. |
pull_request_review_comment
Action | Description |
---|---|
pull_request_review_comment.create | A review comment was added to a pull request. |
pull_request_review_comment.delete | A review comment on a pull request was deleted. |
pull_request_review_comment.update | A review comment on a pull request was changed. |
pull_request_review
Action | Description |
---|---|
pull_request_review.delete | A review on a pull request was deleted. |
pull_request_review.dismiss | A review on a pull request was dismissed. |
pull_request_review.submit | A review on a pull request was submitted. |
repo
Action | Description |
---|---|
repo.access | The visibility of a repository changed. |
repo.actions_enabled | GitHub Actions was enabled for a repository. |
repo.add_member | A collaborator was added to a repository. |
repo.add_topic | A topic was added to a repository. |
repo.advanced_security_disabled | GitHub Advanced Security was disabled for a repository. |
repo.advanced_security_enabled | GitHub Advanced Security was enabled for a repository. |
repo.archived | A repository was archived. |
repo.change_merge_setting | Pull request merge options were changed for a repository. |
repo.code_scanning_analysis_deleted | Code scanning analysis for a repository was deleted. |
repo.code_scanning_autofix_disabled | Autofix for code scanning alerts was disabled for a repository. |
repo.code_scanning_autofix_enabled | Autofix for code scanning alerts was enabled for a repository. |
repo.code_scanning_autofix_third_party_tools_disabled | Autofix for third party tools for code scanning alerts was disabled for a repository. |
repo.code_scanning_autofix_third_party_tools_enabled | Autofix for third party tools for code scanning alerts was enabled for a repository. |
repo.code_scanning_configuration_for_branch_deleted | A code scanning configuration for a branch of a repository was deleted. |
repo.codeql_disabled | Code scanning using the default setup was disabled for a repository. |
repo.codeql_enabled | Code scanning using the default setup was enabled for a repository. |
repo.codeql_updated | Code scanning using the default setup was updated for a repository. |
repo.codespaces_trusted_repo_access_granted | GitHub Codespaces was granted trusted repository access to this repository. |
repo.codespaces_trusted_repo_access_revoked | GitHub Codespaces trusted repository access to this repository was revoked. |
repo.config.disable_collaborators_only | The interaction limit for collaborators only was disabled. |
repo.config.disable_contributors_only | The interaction limit for prior contributors only was disabled in a repository. |
repo.config.disable_sockpuppet_disallowed | The interaction limit for existing users only was disabled in a repository. |
repo.config.enable_collaborators_only | The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration. |
repo.config.enable_contributors_only | The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration. |
repo.config.enable_sockpuppet_disallowed | The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository. |
repo.create | A repository was created. |
repo.create_actions_secret | A GitHub Actions secret was created for a repository. |
repo.create_actions_variable | A GitHub Actions variable was created for a repository. |
repo.create_integration_secret | A Codespaces or Dependabot secret was created for a repository. |
repo.destroy | A repository was deleted. |
repo.download_zip | A source code archive of a repository was downloaded as a ZIP file. |
repo.pages_cname | A GitHub Pages custom domain was modified in a repository. |
repo.pages_create | A GitHub Pages site was created. |
repo.pages_destroy | A GitHub Pages site was deleted. |
repo.pages_https_redirect_disabled | HTTPS redirects were disabled for a GitHub Pages site. |
repo.pages_https_redirect_enabled | HTTPS redirects were enabled for a GitHub Pages site. |
repo.pages_private | A GitHub Pages site visibility was changed to private. |
repo.pages_public | A GitHub Pages site visibility was changed to public. |
repo.pages_soft_delete | A GitHub Pages site was soft-deleted because its owner's plan changed. |
repo.pages_soft_delete_restore | A GitHub Pages site that was previously soft-deleted was restored. |
repo.pages_source | A GitHub Pages source was modified. |
repo.register_self_hosted_runner | A new self-hosted runner was registered. |
repo.remove_actions_secret | A GitHub Actions secret was deleted for a repository. |
repo.remove_actions_variable | A GitHub Actions variable was deleted for a repository. |
repo.remove_integration_secret | A Codespaces or Dependabot secret was deleted for a repository. |
repo.remove_member | A collaborator was removed from a repository. |
repo.remove_self_hosted_runner | A self-hosted runner was removed. |
repo.remove_topic | A topic was removed from a repository. |
repo.rename | A repository was renamed. |
repo.self_hosted_runner_offline | The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports. |
repo.self_hosted_runner_online | The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports. |
repo.self_hosted_runner_updated | The runner application was updated. This event is not included in the JSON/CSV export. |
repo.set_actions_fork_pr_approvals_policy | The setting for requiring approvals for workflows from public forks was changed for a repository. |
repo.set_actions_private_fork_pr_approvals_policy | The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository. |
repo.set_actions_retention_limit | The retention period for GitHub Actions artifacts and logs in a repository was changed. |
repo.set_default_workflow_permissions | The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository. |
repo.set_fork_pr_workflows_policy | Triggered when the policy for workflows on private repository forks is changed. |
repo.set_workflow_permission_can_approve_pr | The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository. |
repo.staff_unlock | An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository. |
repo.transfer | A user accepted a request to receive a transferred repository. |
repo.transfer_outgoing | A repository was transferred to another repository network. |
repo.transfer_start | A user sent a request to transfer a repository to another user or organization. |
repo.unarchived | A repository was unarchived. |
repo.update_actions_access_settings | The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed. |
repo.update_actions_secret | A GitHub Actions secret was updated for a repository. |
repo.update_actions_settings | A repository administrator changed GitHub Actions policy settings for a repository. |
repo.update_actions_variable | A GitHub Actions variable was updated for a repository. |
repo.update_default_branch | The default branch for a repository was changed. |
repo.update_integration_secret | A Codespaces or Dependabot secret was updated for a repository. |
repo.update_member | A user's permission to a repository was changed. |
repository_advisory
Action | Description |
---|---|
repository_advisory.close | Someone closed a security advisory. |
repository_advisory.cve_request | Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory. |
repository_advisory.github_broadcast | GitHub made a security advisory public in the GitHub Advisory Database. |
repository_advisory.github_withdraw | GitHub withdrew a security advisory that was published in error. |
repository_advisory.open | Someone opened a draft security advisory. |
repository_advisory.publish | Someone published a security advisory. |
repository_advisory.reopen | Someone reopened as draft security advisory. |
repository_advisory.update | Someone edited a draft or published security advisory. |
repository_branch_protection_evaluation
Action | Description |
---|---|
repository_branch_protection_evaluation.disable | Branch protections were disabled for the repository. |
repository_branch_protection_evaluation.enable | Branch protections were enabled for this repository. |
repository_content_analysis
Action | Description |
---|---|
repository_content_analysis.disable | Data use settings were disabled for a private repository. |
repository_content_analysis.enable | Data use settings were enabled for a private repository. |
repository_dependency_graph
Action | Description |
---|---|
repository_dependency_graph.disable | The dependency graph was disabled for a private repository. |
repository_dependency_graph.enable | The dependency graph was enabled for a private repository. |
repository_image
Action | Description |
---|---|
repository_image.create | An image to represent a repository was uploaded. |
repository_image.destroy | An image to represent a repository was deleted. |
repository_invitation
Action | Description |
---|---|
repository_invitation.accept | An invitation to join a repository was accepted. |
repository_invitation.cancel | An invitation to join a repository was canceled. |
repository_invitation.create | An invitation to join a repository was sent. |
repository_invitation.reject | An invitation to join a repository was declined. |
repository_projects_change
Action | Description |
---|---|
repository_projects_change.clear | The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings. |
repository_projects_change.disable | Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise. |
repository_projects_change.enable | Repository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise. |
repository_ruleset
Action | Description |
---|---|
repository_ruleset.create | A repository ruleset was created. |
repository_ruleset.destroy | A repository ruleset was deleted. |
repository_ruleset.update | A repository ruleset was edited. |
repository_secret_scanning_automatic_validity_checks
Action | Description |
---|---|
repository_secret_scanning_automatic_validity_checks.disabled | Automatic partner validation checks have been disabled at the repository level |
repository_secret_scanning_automatic_validity_checks.enabled | Automatic partner validation checks have been enabled at the repository level |
repository_secret_scanning_custom_pattern
Action | Description |
---|---|
repository_secret_scanning_custom_pattern.create | A custom pattern was created for secret scanning in a repository. |
repository_secret_scanning_custom_pattern.delete | A custom pattern was removed from secret scanning in a repository. |
repository_secret_scanning_custom_pattern.publish | A custom pattern was published for secret scanning in a repository. |
repository_secret_scanning_custom_pattern.update | Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository. |
repository_secret_scanning_custom_pattern_push_protection
Action | Description |
---|---|
repository_secret_scanning_custom_pattern_push_protection.disabled | Push protection for a custom pattern for secret scanning was disabled for your repository. |
repository_secret_scanning_custom_pattern_push_protection.enabled | Push protection for a custom pattern for secret scanning was enabled for your repository. |
repository_secret_scanning
Action | Description |
---|---|
repository_secret_scanning.disable | Secret scanning was disabled for a repository. |
repository_secret_scanning.enable | Secret scanning was enabled for a repository. |
repository_secret_scanning_generic_secrets
Action | Description |
---|---|
repository_secret_scanning_generic_secrets.disabled | Generic secrets have been disabled at the repository level |
repository_secret_scanning_generic_secrets.enabled | Generic secrets have been enabled at the repository level |
repository_secret_scanning_non_provider_patterns
Action | Description |
---|---|
repository_secret_scanning_non_provider_patterns.disabled | Secret scanning for non-provider patterns was disabled at the repository level. |
repository_secret_scanning_non_provider_patterns.enabled | Secret scanning for non-provider patterns was enabled at the repository level. |
repository_secret_scanning_push_protection_bypass_list
Action | Description |
---|---|
repository_secret_scanning_push_protection_bypass_list.add | A role or team was added to the push protection bypass list at the repository level. |
repository_secret_scanning_push_protection_bypass_list.disable | Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the repository level. |
repository_secret_scanning_push_protection_bypass_list.enable | Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the repository level. |
repository_secret_scanning_push_protection_bypass_list.remove | A role or team was removed from the push protection bypass list at the repository level. |
repository_secret_scanning_push_protection
Action | Description |
---|---|
repository_secret_scanning_push_protection.disable | Secret scanning push protection was disabled for a repository. |
repository_secret_scanning_push_protection.enable | Secret scanning push protection was enabled for a repository. |
repository_security_configuration
Action | Description |
---|---|
repository_security_configuration.applied | A code security configuration was applied to a repository. |
repository_security_configuration.failed | A code security configuration failed to attach to the repository. |
repository_security_configuration.removed | A code security configuration was removed from a repository. |
repository_security_configuration.removed_by_settings_change | A code security configuration was removed due to a change in repository or enterprise settings. |
repository_visibility_change
Action | Description |
---|---|
repository_visibility_change.clear | The repository visibility change setting was cleared for an organization or enterprise. |
repository_visibility_change.disable | The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise. |
repository_visibility_change.enable | The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise. |
repository_vulnerability_alert
Action | Description |
---|---|
repository_vulnerability_alert.auto_dismiss | A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule. |
repository_vulnerability_alert.auto_reopen | A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule. |
repository_vulnerability_alert.create | GitHub created a Dependabot alert because the repository uses a vulnerable dependency. |
repository_vulnerability_alert.dismiss | A Dependabot alert was manually dismissed. |
repository_vulnerability_alert.reintroduce | A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency. |
repository_vulnerability_alert.reopen | A Dependabot alert was manually reopened. |
repository_vulnerability_alert.resolve | Changes were pushed to update and resolve a Dependabot alert in a project dependency. |
repository_vulnerability_alert.withdraw | A Dependabot alert was withdrawn. |
repository_vulnerability_alerts
Action | Description |
---|---|
repository_vulnerability_alerts.authorized_users_teams | The list of people or teams authorized to receive Dependabot alerts for the repository was updated. |
repository_vulnerability_alerts.disable | Dependabot alerts was disabled. |
repository_vulnerability_alerts.enable | Dependabot alerts was enabled. |
repository_vulnerability_alerts_auto_dismissal
Action | Description |
---|---|
repository_vulnerability_alerts_auto_dismissal.disable | Automatic dismissal of low-impact Dependabot alerts was disabled for the repository. |
repository_vulnerability_alerts_auto_dismissal.enable | Automatic dismissal of low-impact Dependabot alerts was enabled for the repository. |
required_status_check
Action | Description |
---|---|
required_status_check.create | A status check was marked as required for a protected branch. |
required_status_check.destroy | A status check was no longer marked as required for a protected branch. |
restrict_notification_delivery
Action | Description |
---|---|
restrict_notification_delivery.disable | Email notification restrictions for an organization or enterprise were disabled. |
restrict_notification_delivery.enable | Email notification restrictions for an organization or enterprise were enabled. |
role
Action | Description |
---|---|
role.create | A new custom repository role was created. |
role.destroy | A custom repository role was deleted. |
role.update | A custom repository role was edited. |
secret_scanning_alert
Action | Description |
---|---|
secret_scanning_alert.create | GitHub detected a secret and created a secret scanning alert. |
secret_scanning_alert.public_leak | A secret scanning alert was leaked in a public repo. |
secret_scanning_alert.reopen | A secret scanning alert was reopened. |
secret_scanning_alert.report | A leaked secret was reported to the secret's provider by secret scanning. |
secret_scanning_alert.resolve | A secret scanning alert was resolved. |
secret_scanning_alert.revoke | A secret scanning alert was revoked. |
secret_scanning_alert.validate | A secret scanning alert was validated. |
secret_scanning
Action | Description |
---|---|
secret_scanning.disable | Secret scanning was disabled for all existing repositories. |
secret_scanning.enable | Secret scanning was enabled for all existing repositories. |
secret_scanning_new_repos
Action | Description |
---|---|
secret_scanning_new_repos.disable | Secret scanning was disabled for all new repositories. |
secret_scanning_new_repos.enable | Secret scanning was enabled for all new repositories. |
secret_scanning_push_protection
Action | Description |
---|---|
secret_scanning_push_protection.bypass | Triggered when a user bypasses the push protection on a secret detected by secret scanning. |
secret_scanning_push_protection_request
Action | Description |
---|---|
secret_scanning_push_protection_request.approve | A request to bypass secret scanning push protection was approved by a user. |
secret_scanning_push_protection_request.deny | A request to bypass secret scanning push protection was denied by a user. |
secret_scanning_push_protection_request.request | A user requested to bypass secret scanning push protection. |
security_configuration
Action | Description |
---|---|
security_configuration.create | A security configuration was created |
security_configuration.delete | A security configuration was deleted |
security_configuration.update | A security configuration was updated |
security_configuration_default
Action | Description |
---|---|
security_configuration_default.delete | A default security configuration setting for new repositories was removed. |
security_configuration_default.update | A default security configuration setting for new repositories was updated. |
security_configuration_policy
Action | Description |
---|---|
security_configuration_policy.update | A security configuration policy was updated |
sponsors
Action | Description |
---|---|
sponsors.agreement_sign | A GitHub Sponsors agreement was signed on behalf of an organization. |
sponsors.custom_amount_settings_change | Custom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed. |
sponsors.fiscal_host_change | The fiscal host for a GitHub Sponsors listing was updated. |
sponsors.invoiced_agreement_sign | An agreement for invoiced billing for GitHub Sponsors was signed. |
sponsors.repo_funding_links_file_action | The FUNDING file in a repository was changed. |
sponsors.sponsor_sponsorship_cancel | A sponsorship was canceled. |
sponsors.sponsor_sponsorship_create | A sponsorship was created, by sponsoring an account. |
sponsors.sponsor_sponsorship_payment_complete | After you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete. |
sponsors.sponsor_sponsorship_preference_change | The option to receive email updates from a sponsored account was changed. |
sponsors.sponsor_sponsorship_tier_change | A sponsorship was upgraded or downgraded. |
sponsors.sponsored_developer_approve | A GitHub Sponsors account was approved. |
sponsors.sponsored_developer_create | A GitHub Sponsors account was created. |
sponsors.sponsored_developer_disable | A GitHub Sponsors account was disabled. |
sponsors.sponsored_developer_profile_update | The profile for GitHub Sponsors account was edited. |
sponsors.sponsored_developer_redraft | A GitHub Sponsors account was returned to draft state from approved state. |
sponsors.sponsored_developer_request_approval | An application for GitHub Sponsors was submitted for approval. |
sponsors.sponsored_developer_tier_description_update | The description for a sponsorship tier was changed. |
sponsors.sponsors_patreon_user_create | A Patreon account was linked to a user account for use with GitHub Sponsors. |
sponsors.sponsors_patreon_user_destroy | A Patreon account for use with GitHub Sponsors was unlinked from a user account. |
sponsors.update_tier_repository | A GitHub Sponsors tier changed access for a repository. |
sponsors.update_tier_welcome_message | The welcome message for a GitHub Sponsors tier for an organization was updated. |
sponsors.withdraw_agreement_signature | A signature was withdrawn from a GitHub Sponsors agreement that applies to an organization. |
ssh_certificate_authority
Action | Description |
---|---|
ssh_certificate_authority.create | An SSH certificate authority for an organization or enterprise was created. |
ssh_certificate_authority.destroy | An SSH certificate authority for an organization or enterprise was deleted. |
ssh_certificate_requirement
Action | Description |
---|---|
ssh_certificate_requirement.disable | The requirement for members to use SSH certificates to access an organization resources was disabled. |
ssh_certificate_requirement.enable | The requirement for members to use SSH certificates to access an organization resources was enabled. |
staff
Action | Description |
---|---|
staff.set_domain_token_expiration | The verification code expiry time for an organization or enterprise domain was set. |
staff.unverify_domain | An organization or enterprise domain was unverified. |
staff.verify_domain | An organization or enterprise domain was verified. |
team
Action | Description |
---|---|
team.add_member | A member of an organization was added to a team. |
team.add_repository | A team was given access and permissions to a repository. |
team.change_parent_team | A child team was created or a child team's parent was changed. |
team.change_privacy | A team's privacy level was changed. |
team.create | A new team is created. |
team.demote_maintainer | A user was demoted from a team maintainer to a team member. |
team.destroy | A team was deleted. |
team.promote_maintainer | A user was promoted from a team member to a team maintainer. |
team.remove_member | An organization member was removed from a team. |
team.remove_repository | A repository was removed from a team's control. |
team.rename | A team's name was changed. |
team.update_repository_permission | A team's permission to a repository was changed. |
team_discussions
Action | Description |
---|---|
team_discussions.clear | An organization owner cleared the setting to allow team discussions for an organization or enterprise. |
team_discussions.disable | Team discussions were disabled for an organization. |
team_discussions.enable | Team discussions were enabled for an organization. |
team_sync_tenant
Action | Description |
---|---|
team_sync_tenant.disabled | Team synchronization with a tenant was disabled. |
team_sync_tenant.enabled | Team synchronization with a tenant was enabled. |
team_sync_tenant.update_okta_credentials | The Okta credentials for team synchronization with a tenant were changed. |
vulnerability_alert_rule
Action | Description |
---|---|
vulnerability_alert_rule.create | A Dependabot rule was created. |
vulnerability_alert_rule.delete | A Dependabot rule was deleted. |
vulnerability_alert_rule.disable | A Dependabot rule was disabled for a single repository or disabled by default for an organization. |
vulnerability_alert_rule.enable | A Dependabot rule was enabled for a single repository or enabled by default for an organization. |
vulnerability_alert_rule.force_disable | A Dependabot rule was enabled for an organization and cannot be disabled for its repositories. |
vulnerability_alert_rule.force_enable | A Dependabot rule was disabled for an organization and cannot be enabled for its repositories. |
vulnerability_alert_rule.update | A Dependabot rule's conditions, actions, or metadata changed. |
workflows
Action | Description |
---|---|
workflows.approve_workflow_job | A workflow job was approved. |
workflows.cancel_workflow_run | A workflow run was cancelled. |
workflows.completed_workflow_run | A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports. |
workflows.created_workflow_run | A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports. |
workflows.delete_workflow_run | A workflow run was deleted. |
workflows.disable_workflow | A workflow was disabled. |
workflows.enable_workflow | A workflow was enabled, after previously being disabled by disable_workflow. |
workflows.pin_workflow | A workflow was pinned. |
workflows.prepared_workflow_job | A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports. |
workflows.reject_workflow_job | A workflow job was rejected. |
workflows.rerun_workflow_run | A workflow run was re-run. |
workflows.unpin_workflow | A workflow was unpinned after previously being pinned. |