Article version: Enterprise Server 2.20
Reviewing your security log
You can review the security log for your user account to better understand actions you've performed and actions others have performed that involve you.
The security log lists all actions performed within the last 90 days.
In the upper-right corner of any page, click your profile photo, then click Settings.
In the user settings sidebar, click Security log.
The log lists the following information about each action:
- Which repository an action was performed in
- The user that performed the action
- The action that was performed
- Which country the action took place in
- The date and time the action occurred
Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as
<, match the same format as searching across GitHub Enterprise. For more information, see "Searching on GitHub."
operation qualifier to limit actions to specific types of operations. For example:
operation:accessfinds all events where a resource was accessed.
operation:authenticationfinds all events where an authentication event was performed.
operation:createfinds all events where a resource was created.
operation:modifyfinds all events where an existing resource was modified.
operation:removefinds all events where an existing resource was removed.
operation:restorefinds all events where an existing resource was restored.
operation:transferfinds all events where an existing resource was transferred.
repo qualifier to limit actions to a specific repository. For example:
repo:my-org/our-repofinds all events that occurred for the
our-reporepository in the
repo:my-org/our-repo repo:my-org/another-repofinds all events that occurred for both the
another-reporepositories in the
-repo:my-org/not-this-repoexcludes all events that occurred for the
not-this-reporepository in the
Note that you must include the account name within the
repo qualifier; searching for just
repo:our-repo will not work.
actor qualifier can scope events based on who performed the action. For example:
actor:octocatfinds all events performed by
actor:octocat actor:hubotfinds all events performed by both
-actor:hubotexcludes all events performed by
Note that you can only use a GitHub Enterprise username, not an individual's real name.
|Contains all activities related to OAuth Apps you've connected with.|
|Contains all activities related to your profile picture.|
|Contains all activities related to project boards.|
|Contains all activities related to your public SSH keys.|
|Contains all activities related to the repositories you own.|
|Contains all activities related to teams you are a part of.|
|Contains all activities related to two-factor authentication.|
|Contains all activities related to your account.|
A description of the events within these categories is listed below.
|create||Triggered when you grant access to an OAuth App.|
|destroy||Triggered when you revoke an OAuth App's access to your account.|
|update||Triggered when you set or update your profile picture.|
|Triggered when a project board is created.|
|Triggered when a project board is renamed.|
|Triggered when a project board is updated.|
|Triggered when a project board is deleted.|
|Triggered when a repository is linked to a project board.|
|Triggered when a repository is unlinked from a project board.|
|Triggered when a project board's visibility is changed.|
|Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed.|
|create||Triggered when you add a new public SSH key to your GitHub Enterprise account.|
|delete||Triggered when you remove a public SSH key to your GitHub Enterprise account.|
|access||Triggered when you a repository you own is switched from "private" to "public" (or vice versa).|
|add_member||Triggered when a GitHub Enterprise user is given collaboration access to a repository.|
|add_topic||Triggered when a repository owner adds a topic to a repository.|
|archived||Triggered when a repository owner archives a repository.|
|config.disable_anonymous_git_access||Triggered when anonymous Git read access is disabled in a public repository.|
|config.enable_anonymous_git_access||Triggered when anonymous Git read access is enabled in a public repository.|
|config.lock_anonymous_git_access||Triggered when a repository's anonymous Git read access setting is locked.|
|config.unlock_anonymous_git_access||Triggered when a repository's anonymous Git read access setting is unlocked.|
|create||Triggered when a new repository is created.|
|destroy||Triggered when a repository is deleted.|
|remove_member||Triggered when a GitHub Enterprise user is removed from a repository as a collaborator.|
|remove_topic||Triggered when a repository owner removes a topic from a repository.|
|rename||Triggered when a repository is renamed.|
|transfer||Triggered when a repository is transferred.|
|transfer_start||Triggered when a repository transfer is about to occur.|
|unarchived||Triggered when a repository owner unarchives a repository.|
|add_member||Triggered when a member of an organization you belong to adds you to a team.|
|add_repository||Triggered when a team you are a member of is given control of a repository.|
|create||Triggered when a new team in an organization you belong to is created.|
|destroy||Triggered when a team you are a member of is deleted from the organization.|
|remove_member||Triggered when a member of an organization is removed from a team you are a member of.|
|remove_repository||Triggered when a repository is no longer under a team's control.|
|enabled||Triggered when two-factor authentication is enabled.|
|disabled||Triggered when two-factor authentication is disabled.|
|add_email||Triggered when you add a new email address.|
|create||Triggered when you create a new user account.|
|remove_email||Triggered when you remove an email address.|
|rename||Triggered when you rename your account.|
|change_password||Triggered when you change your password.|
|forgot_password||Triggered when you ask for a password reset.|
|login||Triggered when you log in to your GitHub Enterprise Server instance.|
|failed_login||Triggered when you failed to log in successfully.|
|two_factor_requested||Triggered when GitHub Enterprise asks you for your two-factor authentication code.|
|show_private_contributions_count||Triggered when you publicize private contributions on your profile.|
|hide_private_contributions_count||Triggered when you hide private contributions on your profile.|
|update||Triggered when you set or change the status on your profile. For more information, see "Setting a status."|
|destroy||Triggered when you clear the status on your profile.|