Article version: Enterprise Server 2.20

Reviewing your security log

You can review the security log for your user account to better understand actions you've performed and actions others have performed that involve you.

In this article

Accessing your security log

The security log lists all actions performed within the last 90 days.

  1. In the upper-right corner of any page, click your profile photo, then click Settings.

    Settings icon in the user bar

  2. In the user settings sidebar, click Security log.

    Security log tab

Searching your security log

The log lists the following information about each action:

  • Which repository an action was performed in
  • The user that performed the action
  • The action that was performed
  • Which country the action took place in
  • The date and time the action occurred

Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as -, >, or <, match the same format as searching across GitHub Enterprise. For more information, see "Searching on GitHub."

Search based on operation

Use the operation qualifier to limit actions to specific types of operations. For example:

  • operation:access finds all events where a resource was accessed.
  • operation:authentication finds all events where an authentication event was performed.
  • operation:create finds all events where a resource was created.
  • operation:modify finds all events where an existing resource was modified.
  • operation:remove finds all events where an existing resource was removed.
  • operation:restore finds all events where an existing resource was restored.
  • operation:transfer finds all events where an existing resource was transferred.

Search based on repository

Use the repo qualifier to limit actions to a specific repository. For example:

  • repo:my-org/our-repo finds all events that occurred for the our-repo repository in the my-org organization.
  • repo:my-org/our-repo repo:my-org/another-repo finds all events that occurred for both the our-repo and another-repo repositories in the my-org organization.
  • -repo:my-org/not-this-repo excludes all events that occurred for the not-this-repo repository in the my-org organization.

Note that you must include the account name within the repo qualifier; searching for just repo:our-repo will not work.

Search based on the user

The actor qualifier can scope events based on who performed the action. For example:

  • actor:octocat finds all events performed by octocat.
  • actor:octocat actor:hubot finds all events performed by both octocat and hubot.
  • -actor:hubot excludes all events performed by hubot.

Note that you can only use a GitHub Enterprise username, not an individual's real name.

Search based on the action performed

Category Name Description
oauth_access Contains all activities related to OAuth Apps you've connected with.
profile_picture Contains all activities related to your profile picture.
project Contains all activities related to project boards.
public_key Contains all activities related to your public SSH keys.
repo Contains all activities related to the repositories you own.
team Contains all activities related to teams you are a part of.
two_factor_authentication Contains all activities related to two-factor authentication.
user Contains all activities related to your account.

A description of the events within these categories is listed below.

The oauth_access category

Action Description
create Triggered when you grant access to an OAuth App.
destroy Triggered when you revoke an OAuth App's access to your account.

The profile_picture category

Action Description
update Triggered when you set or update your profile picture.

The project category

Action Description
create Triggered when a project board is created.
rename Triggered when a project board is renamed.
update Triggered when a project board is updated.
delete Triggered when a project board is deleted.
link Triggered when a repository is linked to a project board.
unlink Triggered when a repository is unlinked from a project board.
project.access Triggered when a project board's visibility is changed.
update_user_permission Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed.

The public_key category

Action Description
create Triggered when you add a new public SSH key to your GitHub Enterprise account.
delete Triggered when you remove a public SSH key to your GitHub Enterprise account.

The repo category

Action Description
access Triggered when you a repository you own is switched from "private" to "public" (or vice versa).
add_member Triggered when a GitHub Enterprise user is given collaboration access to a repository.
add_topic Triggered when a repository owner adds a topic to a repository.
archived Triggered when a repository owner archives a repository.
config.disable_anonymous_git_access Triggered when anonymous Git read access is disabled in a public repository.
config.enable_anonymous_git_access Triggered when anonymous Git read access is enabled in a public repository.
config.lock_anonymous_git_access Triggered when a repository's anonymous Git read access setting is locked.
config.unlock_anonymous_git_access Triggered when a repository's anonymous Git read access setting is unlocked.
create Triggered when a new repository is created.
destroy Triggered when a repository is deleted.
remove_member Triggered when a GitHub Enterprise user is removed from a repository as a collaborator.
remove_topic Triggered when a repository owner removes a topic from a repository.
rename Triggered when a repository is renamed.
transfer Triggered when a repository is transferred.
transfer_start Triggered when a repository transfer is about to occur.
unarchived Triggered when a repository owner unarchives a repository.

The team category

Action Description
add_member Triggered when a member of an organization you belong to adds you to a team.
add_repository Triggered when a team you are a member of is given control of a repository.
create Triggered when a new team in an organization you belong to is created.
destroy Triggered when a team you are a member of is deleted from the organization.
remove_member Triggered when a member of an organization is removed from a team you are a member of.
remove_repository Triggered when a repository is no longer under a team's control.

The two_factor_authentication category

Action Description
enabled Triggered when two-factor authentication is enabled.
disabled Triggered when two-factor authentication is disabled.

The user category

Action Description
add_email Triggered when you add a new email address.
create Triggered when you create a new user account.
remove_email Triggered when you remove an email address.
rename Triggered when you rename your account.
change_password Triggered when you change your password.
forgot_password Triggered when you ask for a password reset.
login Triggered when you log in to your GitHub Enterprise Server instance.
failed_login Triggered when you failed to log in successfully.
two_factor_requested Triggered when GitHub Enterprise asks you for your two-factor authentication code.
show_private_contributions_count Triggered when you publicize private contributions on your profile.
hide_private_contributions_count Triggered when you hide private contributions on your profile.

The user_status category

Action Description
update Triggered when you set or change the status on your profile. For more information, see "Setting a status."
destroy Triggered when you clear the status on your profile.

Ask a human

Can't find what you're looking for?

Contact us