diff --git a/content/actions/security-guides/security-hardening-for-github-actions.md b/content/actions/security-guides/security-hardening-for-github-actions.md index 37fdb0b07cc2..f7623e31a4fa 100644 --- a/content/actions/security-guides/security-hardening-for-github-actions.md +++ b/content/actions/security-guides/security-hardening-for-github-actions.md @@ -345,79 +345,16 @@ If you are using {% data variables.product.prodname_actions %} to deploy to a cl ## Auditing {% data variables.product.prodname_actions %} events -You can use the audit log to monitor administrative tasks in an organization. The audit log records the type of action, when it was run, and which personal account performed the action. +You can use the security log to monitor activity for your user account and the audit log to monitor activity in your organization{% ifversion ghec or ghes or ghae %} or enterprise{% endif %}. The security and audit log records the type of action, when it was run, and which personal account performed the action. For example, you can use the audit log to track the `org.update_actions_secret` event, which tracks changes to organization secrets. - ![Screenshot showing a search for "action:org.update_actions_secret" in the audit log for an organization. Two results detail API updates to two secrets that are available to selected repositories.](/assets/images/help/repository/audit-log-entries.png) - -The following tables describe the {% data variables.product.prodname_actions %} events that you can find in the audit log. For more information on using the audit log, see -"[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#searching-the-audit-log)" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise)." -{% ifversion fpt or ghec %} -### Events for environments - -| Action | Description -|------------------|------------------- -| `environment.create_actions_secret` | Triggered when a secret is created in an environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." -| `environment.delete` | Triggered when an environment is deleted. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment)." -| `environment.remove_actions_secret` | Triggered when a secret is removed from an environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." -| `environment.update_actions_secret` | Triggered when a secret in an environment is updated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." -{% endif %} + ![Screenshot showing a search for "action:org.update_actions_secret" in the audit log for an organization. Two results detail API updates to two secrets that are available to selected repositories.](/assets/images/help/repository/audit-log-entries.png) -{% ifversion fpt or ghes or ghec %} -### Events for configuration changes -| Action | Description -|------------------|------------------- -| `repo.actions_enabled` | Triggered when {% data variables.product.prodname_actions %} is enabled for a repository. Can be viewed using the UI. This event is not visible when you access the audit log using the REST API. For more information, see "[Using the REST API](#using-the-rest-api)." -| `repo.update_actions_access_settings` | Triggered when the setting to control how your repository is used by {% data variables.product.prodname_actions %} workflows in other repositories is changed. -{% endif %} +For the full list of events that you can find in the audit log for each account type, see the following articles: -### Events for secret management -| Action | Description -|------------------|------------------- -| `org.create_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is created for an organization. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-an-organization)." -| `org.remove_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is removed. -| `org.update_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is updated. -| `repo.create_actions_secret ` | Triggered when a {% data variables.product.prodname_actions %} secret is created for a repository. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository)." -| `repo.remove_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is removed. -| `repo.update_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is updated. - -### Events for self-hosted runners -| Action | Description -|------------------|------------------- -| `enterprise.register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-enterprise)." -| `enterprise.remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. -| `enterprise.runner_group_runners_updated` | Triggered when a runner group's member list is updated. For more information, see "[AUTOTITLE](/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization)." -| `enterprise.self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." -| `enterprise.self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." -| `enterprise.self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI. This event is not included when you export the audit log as JSON data or a CSV file. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log)." -| `org.register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization)." -| `org.remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization)." -| `org.runner_group_runners_updated` | Triggered when a runner group's list of members is updated. For more information, see "[AUTOTITLE](/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization)." -| `org.runner_group_updated` | Triggered when the configuration of a self-hosted runner group is changed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)." -| `org.self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." -| `org.self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." -| `org.self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)." -| `repo.register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository)." -| `repo.remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository)." -| `repo.self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." -| `repo.self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." -| `repo.self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)." - -### Events for self-hosted runner groups -| Action | Description -|------------------|------------------- -| `enterprise.runner_group_created` | Triggered when a self-hosted runner group is created. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-enterprise)." -| `enterprise.runner_group_removed` | Triggered when a self-hosted runner group is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group)." -| `enterprise.runner_group_runner_removed` | Triggered when the REST API is used to remove a self-hosted runner from a group. -| `enterprise.runner_group_runners_added` | Triggered when a self-hosted runner is added to a group. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group)." -| `enterprise.runner_group_updated` |Triggered when the configuration of a self-hosted runner group is changed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)." -| `org.runner_group_created` | Triggered when a self-hosted runner group is created. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization)." -| `org.runner_group_removed` | Triggered when a self-hosted runner group is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group)." -| `org.runner_group_updated` | Triggered when the configuration of a self-hosted runner group is changed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)." -| `org.runner_group_runners_added` | Triggered when a self-hosted runner is added to a group. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group)." -| `org.runner_group_runner_removed` | Triggered when the REST API is used to remove a self-hosted runner from a group. For more information, see "[AUTOTITLE](/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization)." - -### Events for workflow activities - -{% data reusables.actions.actions-audit-events-workflow %} +- "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events)" +- "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)" +{%- ifversion ghec or ghes or ghae %} +- "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)" +{%- endif %} \ No newline at end of file diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md index 108cba877d3f..494d82a84fe9 100644 --- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md +++ b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md @@ -72,14 +72,6 @@ Enterprise owners can use the site admin dashboard to check how Okta groups are ## Viewing audit log events for mapped groups - To monitor SSO activity for mapped groups, you can review the following events in the {% data variables.product.prodname_ghe_managed %} audit log. +To monitor SSO activity for mapped groups, you can review the `external_group` and `external_identity` events events in the {% data variables.product.prodname_ghe_managed %} audit log. -For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)." - - ### `external_group` events - -{% data reusables.saml.external-group-audit-events %} - -### `external_identity` events - -{% data reusables.saml.external-identity-audit-events %} +For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)." diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md index a61aee36e63b..16b5ab5785ca 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md @@ -27,7 +27,7 @@ topics: The scope of the events that appear in your enterprise's audit log depend on whether your enterprise uses {% data variables.product.prodname_emus %}. For more information about {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." - If your enterprise does not use {% data variables.product.prodname_emus %}, the audit log only includes events related to the enterprise account and the organizations within the enterprise account, which are listed in this article. -- If your enterprise uses {% data variables.product.prodname_emus %}, the audit log also includes user events for {% data variables.enterprise.prodname_managed_users %}, such as each time the user logs in to {% data variables.product.product_name %} and actions they take within their user account. For a list of these user account events, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log#security-log-actions)." +- If your enterprise uses {% data variables.product.prodname_emus %}, the audit log also includes user events for {% data variables.enterprise.prodname_managed_users %}, such as each time the user logs in to {% data variables.product.product_name %} and actions they take within their user account. For a list of these user account events, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events)." {% endif %} {%- ifversion fpt or ghec %} diff --git a/content/authentication/keeping-your-account-and-data-secure/index.md b/content/authentication/keeping-your-account-and-data-secure/index.md index 885cc866b776..853995acf2d8 100644 --- a/content/authentication/keeping-your-account-and-data-secure/index.md +++ b/content/authentication/keeping-your-account-and-data-secure/index.md @@ -21,6 +21,7 @@ children: - /reviewing-your-deploy-keys - /token-expiration-and-revocation - /reviewing-your-security-log + - /security-log-events - /removing-sensitive-data-from-a-repository - /about-anonymized-urls - /about-githubs-ip-addresses @@ -30,4 +31,3 @@ children: - /viewing-and-managing-your-sessions shortTitle: Account security --- - diff --git a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md index 2a54a9c12b06..30ada4b2d9e5 100644 --- a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md +++ b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md @@ -13,8 +13,9 @@ versions: topics: - Identity - Access management -shortTitle: Security log +shortTitle: Review security log --- + ## Accessing your security log The security log lists all actions performed within the last 90 days. @@ -32,25 +33,25 @@ The security log lists all actions performed within the last 90 days. ### Search based on the action performed -The events listed in your security log are triggered by your actions. Actions are grouped into different categories. +The events listed in your security log are triggered by your actions. Actions are grouped into different categories. For the full list of events in each category, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events)." | Category name | Description |------------------|-------------------{% ifversion fpt or ghec %} -| [`billing`](#billing-category-actions) | Contains all activities related to your billing information. -| [`codespaces`](#codespaces-category-actions) | Contains all activities related to {% data variables.product.prodname_github_codespaces %}. For more information, see "[AUTOTITLE](/codespaces/overview)." -| [`marketplace_agreement_signature`](#marketplace_agreement_signature-category-actions) | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. -| [`marketplace_listing`](#marketplace_listing-category-actions) | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %} -| [`oauth_access`](#oauth_access-category-actions) | Contains all activities related to [{% data variables.product.prodname_oauth_apps %}](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps) you've connected with.{% ifversion fpt or ghec %} -| [`payment_method`](#payment_method-category-actions) | Contains all activities related to paying for your {% data variables.product.prodname_dotcom %} subscription.{% endif %}{% ifversion pat-v2%} -| [`personal_access_token`](#personal_access_token-category-actions) | Contains activities related to {% data variables.product.pat_v2 %}s. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% endif %} -| [`profile_picture`](#profile_picture-category-actions) | Contains all activities related to your profile picture. -| [`project`](#project-category-actions) | Contains all activities related to project boards. -| [`public_key`](#public_key-category-actions) | Contains all activities related to [your public SSH keys](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account). -| [`repo`](#repo-category-actions) | Contains all activities related to the repositories you own.{% ifversion fpt or ghec %} -| [`sponsors`](#sponsors-category-actions) | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[AUTOTITLE](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)" and "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% ifversion ghes or ghae %} -| [`team`](#team-category-actions) | Contains all activities related to teams you are a part of.{% endif %}{% ifversion not ghae %} -| [`two_factor_authentication`](#two_factor_authentication-category-actions) | Contains all activities related to [two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa).{% endif %} -| [`user`](#user-category-actions) | Contains all activities related to your account. +| `billing` | Contains all activities related to your billing information. +| `codespaces` | Contains all activities related to {% data variables.product.prodname_github_codespaces %}. For more information, see "[AUTOTITLE](/codespaces/overview)." +| `marketplace_agreement_signature` | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. +| `marketplace_listing`| Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %} +| `oauth_access` | Contains all activities related to [{% data variables.product.prodname_oauth_apps %}](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps) you've connected with.{% ifversion fpt or ghec %} +| `payment_method` | Contains all activities related to paying for your {% data variables.product.prodname_dotcom %} subscription.{% endif %}{% ifversion pat-v2%} +| `personal_access_token` | Contains activities related to {% data variables.product.pat_v2 %}s. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% endif %} +| `profile_picture`| Contains all activities related to your profile picture. +| `project` | Contains all activities related to project boards. +| `public_key` | Contains all activities related to [your public SSH keys](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account). +| `repo`| Contains all activities related to the repositories you own.{% ifversion fpt or ghec %} +| `sponsors` | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[AUTOTITLE](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)" and "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% ifversion ghes or ghae %} +| `team` | Contains all activities related to teams you are a part of.{% endif %}{% ifversion not ghae %} +| `two_factor_authentication` | Contains all activities related to [two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa).{% endif %} +| `user` | Contains all activities related to your account. {% ifversion fpt or ghec %} @@ -60,217 +61,3 @@ The events listed in your security log are triggered by your actions. Actions ar {% data reusables.audit_log.exported-log-keys-and-values %} {% endif %} - -## Security log actions - -An overview of some of the most common actions that are recorded as events in the security log. - -{% ifversion fpt or ghec %} - -### `billing` category actions - -| Action | Description -|------------------|------------------- -| `change_billing_type` | Triggered when you [change how you pay](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method) for {% data variables.product.prodname_dotcom %}. -| `change_email` | Triggered when you [change your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address). - -### `codespaces` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when you [create a codespace](/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository). -| `resume` | Triggered when you resume a suspended codespace. -| `delete` | Triggered when you [delete a codespace](/codespaces/developing-in-codespaces/deleting-a-codespace). -| `manage_access_and_security` | Triggered when you update [the repositories a codespace has access to](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). -| `trusted_repositories_access_update` | Triggered when you change your personal account's [access and security setting for {% data variables.product.prodname_codespaces %}](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). - -### `marketplace_agreement_signature` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when you sign the {% data variables.product.prodname_marketplace %} Developer Agreement. - -### `marketplace_listing` category actions - -| Action | Description -|------------------|------------------- -| `approve` | Triggered when your listing is approved for inclusion in {% data variables.product.prodname_marketplace %}. -| `create` | Triggered when you create a listing for your app in {% data variables.product.prodname_marketplace %}. -| `delist` | Triggered when your listing is removed from {% data variables.product.prodname_marketplace %}. -| `redraft` | Triggered when your listing is sent back to draft state. -| `reject` | Triggered when your listing is not accepted for inclusion in {% data variables.product.prodname_marketplace %}. - -{% endif %} - -### `oauth_authorization` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when you [grant access to an {% data variables.product.prodname_oauth_app %}](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps). -| `destroy` | Triggered when you [revoke an {% data variables.product.prodname_oauth_app %}'s access to your account](/apps/using-github-apps/reviewing-your-authorized-integrations) and when [authorizations are revoked or expire](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation). - -{% ifversion fpt or ghec %} - -### `payment_method` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a new payment method is added, such as a new credit card or PayPal account. -| `update` | Triggered when an existing payment method is updated. - -{% endif %} - -{% ifversion pat-v2 %} - -### `personal_access_token` category actions - -| Action | Description -|------------------|------------------- -| `access_granted` | Triggered when a {% data variables.product.pat_v2 %} that you created is granted access to resources. -| `access_revoked` | Triggered when a {% data variables.product.pat_v2 %} that you created is revoked. The token can still read public organization resources. -| `create` | Triggered when you create a {% data variables.product.pat_v2 %}. -| `credential_regenerated` | Triggered when you regenerate a {% data variables.product.pat_v2 %}. -| `destroy` | Triggered when you delete a {% data variables.product.pat_v2 %}. -| `request_cancelled` | Triggered when you cancel a pending request for your {% data variables.product.pat_v2 %} to access organization resources. -| `request_created` | Triggered when you create a {% data variables.product.pat_v2 %} to access organization resources and the organization requires approval before a {% data variables.product.pat_v2 %} can access organization resources. -| `request_denied` | Triggered when your request for a {% data variables.product.pat_v2 %} to access organization resources is denied. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization)." - -{% endif %} - -### `profile_picture` category actions - -| Action | Description -|------------------|------------------- -| `update` | Triggered when you [set or update your profile picture](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile). - -### `project` category actions - -| Action | Description -|--------------------|--------------------- -| `access` | Triggered when a project board's visibility is changed. -| `create` | Triggered when a project board is created. -| `rename` | Triggered when a project board is renamed. -| `update` | Triggered when a project board is updated. -| `delete` | Triggered when a project board is deleted. -| `link` | Triggered when a repository is linked to a project board. -| `unlink` | Triggered when a repository is unlinked from a project board. -| `update_user_permission` | Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed. - -### `public_key` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when you [add a new public SSH key to your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account). -| `delete` | Triggered when you [remove a public SSH key to your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys). - -### `repo` category actions - -| Action | Description -|------------------|------------------- -| `access` | Triggered when you a repository you own is [switched from "private" to "public"](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility) (or vice versa). -| `add_member` | Triggered when a {% data variables.product.product_name %} user is {% ifversion fpt or ghec %}[invited to have collaboration access](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository){% else %}[given collaboration access](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository){% endif %} to a repository. -| `add_topic` | Triggered when a repository owner [adds a topic](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics) to a repository. -| `archived` | Triggered when a repository owner [archives a repository](/repositories/archiving-a-github-repository/archiving-repositories).{% ifversion ghes %} -| `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/enabling-anonymous-git-read-access-for-a-repository) in a public repository. -| `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/enabling-anonymous-git-read-access-for-a-repository) in a public repository. -| `config.lock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is locked](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise). -| `config.unlock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is unlocked](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise).{% endif %} -| `create` | Triggered when [a new repository is created](/repositories/creating-and-managing-repositories/creating-a-new-repository). -| `destroy` | Triggered when [a repository is deleted](/repositories/creating-and-managing-repositories/deleting-a-repository).{% ifversion fpt or ghec %} -| `disable` | Triggered when a repository is disabled (e.g., for [insufficient funds](/billing/managing-your-github-billing-settings/unlocking-a-locked-account)).{% endif %}{% ifversion fpt or ghec %} -| `download_zip` | Triggered when a ZIP or TAR archive of a repository is downloaded. -| `enable` | Triggered when a repository is re-enabled.{% endif %} -| `remove_member` | Triggered when a {% data variables.product.product_name %} user is [removed from a repository as a collaborator](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository). -| `remove_topic` | Triggered when a repository owner removes a topic from a repository. -| `rename` | Triggered when [a repository is renamed](/repositories/creating-and-managing-repositories/renaming-a-repository). -| `staff_unlock` | Triggered when an enterprise owner or {% data variables.contact.github_support %} (with permission from a repository administrator) temporarily unlocked the repository. The visibility of the repository isn't changed. -| `transfer` | Triggered when [a repository is transferred](/repositories/creating-and-managing-repositories/transferring-a-repository). -| `transfer_start` | Triggered when a repository transfer is about to occur. -| `unarchived` | Triggered when a repository owner unarchives a repository. - -{% ifversion fpt or ghec %} -### `sponsors` category actions - -| Action | Description -|------------------|------------------- -| `custom_amount_settings_change` | Triggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)") -| `repo_funding_links_file_action` | Triggered when you change the FUNDING file in your repository (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)") -| `sponsor_sponsorship_cancel` | Triggered when you cancel a sponsorship (see "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship)") -| `sponsor_sponsorship_create` | Triggered when you sponsor an account (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)") -| `sponsor_sponsorship_payment_complete` | Triggered after you sponsor an account and your payment has been processed (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)") -| `sponsor_sponsorship_preference_change` | Triggered when you change whether you receive email updates from a sponsored developer (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship)") -| `sponsor_sponsorship_tier_change` | Triggered when you upgrade or downgrade your sponsorship (see "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship)" and "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship)") -| `sponsored_developer_approve` | Triggered when your {% data variables.product.prodname_sponsors %} account is approved (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") -| `sponsored_developer_create` | Triggered when your {% data variables.product.prodname_sponsors %} account is created (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") -| `sponsored_developer_disable` | Triggered when your {% data variables.product.prodname_sponsors %} account is disabled -| `sponsored_developer_redraft` | Triggered when your {% data variables.product.prodname_sponsors %} account is returned to draft state from approved state -| `sponsored_developer_profile_update` | Triggered when you edit your sponsored developer profile (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors)") -| `sponsored_developer_request_approval` | Triggered when you submit your application for {% data variables.product.prodname_sponsors %} for approval (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") -| `sponsored_developer_tier_description_update` | Triggered when you change the description for a sponsorship tier (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)") -| `sponsored_developer_update_newsletter_send` | Triggered when you send an email update to your sponsors (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors)") -| `waitlist_invite_sponsored_developer` | Triggered when you are invited to join {% data variables.product.prodname_sponsors %} from the waitlist (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") -| `waitlist_join` | Triggered when you join the waitlist to become a sponsored developer (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") -{% endif %} - -{% ifversion fpt or ghec %} -### `successor_invitation` category actions - -| Action | Description -|------------------|------------------- -| `accept` | Triggered when you accept a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") -| `cancel` | Triggered when you cancel a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") -| `create` | Triggered when you create a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") -| `decline` | Triggered when you decline a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") -| `revoke` | Triggered when you revoke a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") -{% endif %} - -{% ifversion ghes or ghae %} - -### `team` category actions - -| Action | Description -|------------------|------------------- -| `add_member` | Triggered when a member of an organization you belong to [adds you to a team](/organizations/organizing-members-into-teams/adding-organization-members-to-a-team). -| `add_repository` | Triggered when a team you are a member of is given control of a repository. -| `create` | Triggered when a new team in an organization you belong to is created. -| `destroy` | Triggered when a team you are a member of is deleted from the organization. -| `remove_member` | Triggered when a member of an organization is [removed from a team](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team) you are a member of. -| `remove_repository` | Triggered when a repository is no longer under a team's control. - -{% endif %} - -{% ifversion not ghae %} -### `two_factor_authentication` category actions - -| Action | Description -|------------------|------------------- -| `enabled` | Triggered when [two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa) is enabled. -| `disabled` | Triggered when two-factor authentication is disabled. -{% endif %} - -### `user` category actions - -| Action | Description -|--------------------|--------------------- -| `add_email` | Triggered when you {% ifversion not ghae %}[add a new email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address){% else %}add a new email address{% endif %}.{% ifversion fpt or ghec %} -| `codespaces_trusted_repo_access_granted` | Triggered when you [allow the codespaces you create for a repository to access other repositories owned by your personal account](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). -| `codespaces_trusted_repo_access_revoked` | Triggered when you [disallow the codespaces you create for a repository to access other repositories owned by your personal account](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). {% endif %} -| `create` | Triggered when you create a new personal account.{% ifversion not ghae %} -| `change_password` | Triggered when you change your password. -| `forgot_password` | Triggered when you ask for [a password reset](/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials).{% endif %} -| `hide_private_contributions_count` | Triggered when you [hide private contributions on your profile](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile). -| `login` | Triggered when you log in to {% data variables.location.product_location %}.{% ifversion ghes or ghae %} -`mandatory_message_viewed` | Triggered when you view a mandatory message (see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise)" for details) | {% endif %} -| `failed_login` | Triggered when you failed to log in successfully. -| `remove_email` | Triggered when you remove an email address. -| `rename` | Triggered when you rename your account.{% ifversion fpt or ghec %} -| `report_content` | Triggered when you [report an issue or pull request, or a comment on an issue, pull request, or commit](/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam).{% endif %} -| `show_private_contributions_count` | Triggered when you [publicize private contributions on your profile](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile).{% ifversion not ghae %} -| `two_factor_requested` | Triggered when {% data variables.product.product_name %} asks you for [your two-factor authentication code](/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication).{% endif %} - -### `user_status` category actions - -| Action | Description -|--------------------|--------------------- -| `update` | Triggered when you set or change the status on your profile. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status)." -| `destroy` | Triggered when you clear the status on your profile. diff --git a/content/authentication/keeping-your-account-and-data-secure/security-log-events.md b/content/authentication/keeping-your-account-and-data-secure/security-log-events.md new file mode 100644 index 000000000000..c893af047db2 --- /dev/null +++ b/content/authentication/keeping-your-account-and-data-secure/security-log-events.md @@ -0,0 +1,222 @@ +--- +title: Security log events +intro: Learn about security log events recorded for your personal account. +versions: + fpt: '*' + ghes: '*' + ghae: '*' + ghec: '*' +topics: + - Identity + - Access management +--- + +{% ifversion fpt or ghec %} + +## `billing` category actions + +| Action | Description +|------------------|------------------- +| `change_billing_type` | Triggered when you [change how you pay](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method) for {% data variables.product.prodname_dotcom %}. +| `change_email` | Triggered when you [change your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address). + +## `codespaces` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when you [create a codespace](/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository). +| `resume` | Triggered when you resume a suspended codespace. +| `delete` | Triggered when you [delete a codespace](/codespaces/developing-in-codespaces/deleting-a-codespace). +| `manage_access_and_security` | Triggered when you update [the repositories a codespace has access to](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). +| `trusted_repositories_access_update` | Triggered when you change your personal account's [access and security setting for {% data variables.product.prodname_codespaces %}](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). + +## `marketplace_agreement_signature` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when you sign the {% data variables.product.prodname_marketplace %} Developer Agreement. + +## `marketplace_listing` category actions + +| Action | Description +|------------------|------------------- +| `approve` | Triggered when your listing is approved for inclusion in {% data variables.product.prodname_marketplace %}. +| `create` | Triggered when you create a listing for your app in {% data variables.product.prodname_marketplace %}. +| `delist` | Triggered when your listing is removed from {% data variables.product.prodname_marketplace %}. +| `redraft` | Triggered when your listing is sent back to draft state. +| `reject` | Triggered when your listing is not accepted for inclusion in {% data variables.product.prodname_marketplace %}. + +{% endif %} + +## `oauth_authorization` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when you [grant access to an {% data variables.product.prodname_oauth_app %}](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps). +| `destroy` | Triggered when you [revoke an {% data variables.product.prodname_oauth_app %}'s access to your account](/apps/using-github-apps/reviewing-your-authorized-integrations) and when [authorizations are revoked or expire](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation). + +{% ifversion fpt or ghec %} + +## `payment_method` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a new payment method is added, such as a new credit card or PayPal account. +| `update` | Triggered when an existing payment method is updated. + +{% endif %} + +{% ifversion pat-v2 %} + +## `personal_access_token` category actions + +| Action | Description +|------------------|------------------- +| `access_granted` | Triggered when a {% data variables.product.pat_v2 %} that you created is granted access to resources. +| `access_revoked` | Triggered when a {% data variables.product.pat_v2 %} that you created is revoked. The token can still read public organization resources. +| `create` | Triggered when you create a {% data variables.product.pat_v2 %}. +| `credential_regenerated` | Triggered when you regenerate a {% data variables.product.pat_v2 %}. +| `destroy` | Triggered when you delete a {% data variables.product.pat_v2 %}. +| `request_cancelled` | Triggered when you cancel a pending request for your {% data variables.product.pat_v2 %} to access organization resources. +| `request_created` | Triggered when you create a {% data variables.product.pat_v2 %} to access organization resources and the organization requires approval before a {% data variables.product.pat_v2 %} can access organization resources. +| `request_denied` | Triggered when your request for a {% data variables.product.pat_v2 %} to access organization resources is denied. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization)." + +{% endif %} + +## `profile_picture` category actions + +| Action | Description +|------------------|------------------- +| `update` | Triggered when you [set or update your profile picture](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile). + +## `project` category actions + +| Action | Description +|--------------------|--------------------- +| `access` | Triggered when a project board's visibility is changed. +| `create` | Triggered when a project board is created. +| `rename` | Triggered when a project board is renamed. +| `update` | Triggered when a project board is updated. +| `delete` | Triggered when a project board is deleted. +| `link` | Triggered when a repository is linked to a project board. +| `unlink` | Triggered when a repository is unlinked from a project board. +| `update_user_permission` | Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed. + +## `public_key` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when you [add a new public SSH key to your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account). +| `delete` | Triggered when you [remove a public SSH key to your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys). + +## `repo` category actions + +| Action | Description +|------------------|------------------- +| `access` | Triggered when you a repository you own is [switched from "private" to "public"](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility) (or vice versa). +| `add_member` | Triggered when a {% data variables.product.product_name %} user is {% ifversion fpt or ghec %}[invited to have collaboration access](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository){% else %}[given collaboration access](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository){% endif %} to a repository. +| `add_topic` | Triggered when a repository owner [adds a topic](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics) to a repository. +| `archived` | Triggered when a repository owner [archives a repository](/repositories/archiving-a-github-repository/archiving-repositories).{% ifversion ghes %} +| `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/enabling-anonymous-git-read-access-for-a-repository) in a public repository. +| `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/enabling-anonymous-git-read-access-for-a-repository) in a public repository. +| `config.lock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is locked](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise). +| `config.unlock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is unlocked](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise).{% endif %} +| `create` | Triggered when [a new repository is created](/repositories/creating-and-managing-repositories/creating-a-new-repository). +| `destroy` | Triggered when [a repository is deleted](/repositories/creating-and-managing-repositories/deleting-a-repository).{% ifversion fpt or ghec %} +| `disable` | Triggered when a repository is disabled (e.g., for [insufficient funds](/billing/managing-your-github-billing-settings/unlocking-a-locked-account)).{% endif %}{% ifversion fpt or ghec %} +| `download_zip` | Triggered when a ZIP or TAR archive of a repository is downloaded. +| `enable` | Triggered when a repository is re-enabled.{% endif %} +| `remove_member` | Triggered when a {% data variables.product.product_name %} user is [removed from a repository as a collaborator](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository). +| `remove_topic` | Triggered when a repository owner removes a topic from a repository. +| `rename` | Triggered when [a repository is renamed](/repositories/creating-and-managing-repositories/renaming-a-repository). +| `staff_unlock` | Triggered when an enterprise owner or {% data variables.contact.github_support %} (with permission from a repository administrator) temporarily unlocked the repository. The visibility of the repository isn't changed. +| `transfer` | Triggered when [a repository is transferred](/repositories/creating-and-managing-repositories/transferring-a-repository). +| `transfer_start` | Triggered when a repository transfer is about to occur. +| `unarchived` | Triggered when a repository owner unarchives a repository. + +{% ifversion fpt or ghec %} +## `sponsors` category actions + +| Action | Description +|------------------|------------------- +| `custom_amount_settings_change` | Triggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)") +| `repo_funding_links_file_action` | Triggered when you change the FUNDING file in your repository (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)") +| `sponsor_sponsorship_cancel` | Triggered when you cancel a sponsorship (see "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship)") +| `sponsor_sponsorship_create` | Triggered when you sponsor an account (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)") +| `sponsor_sponsorship_payment_complete` | Triggered after you sponsor an account and your payment has been processed (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)") +| `sponsor_sponsorship_preference_change` | Triggered when you change whether you receive email updates from a sponsored developer (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship)") +| `sponsor_sponsorship_tier_change` | Triggered when you upgrade or downgrade your sponsorship (see "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship)" and "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship)") +| `sponsored_developer_approve` | Triggered when your {% data variables.product.prodname_sponsors %} account is approved (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") +| `sponsored_developer_create` | Triggered when your {% data variables.product.prodname_sponsors %} account is created (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") +| `sponsored_developer_disable` | Triggered when your {% data variables.product.prodname_sponsors %} account is disabled +| `sponsored_developer_redraft` | Triggered when your {% data variables.product.prodname_sponsors %} account is returned to draft state from approved state +| `sponsored_developer_profile_update` | Triggered when you edit your sponsored developer profile (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors)") +| `sponsored_developer_request_approval` | Triggered when you submit your application for {% data variables.product.prodname_sponsors %} for approval (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") +| `sponsored_developer_tier_description_update` | Triggered when you change the description for a sponsorship tier (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)") +| `sponsored_developer_update_newsletter_send` | Triggered when you send an email update to your sponsors (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors)") +| `waitlist_invite_sponsored_developer` | Triggered when you are invited to join {% data variables.product.prodname_sponsors %} from the waitlist (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") +| `waitlist_join` | Triggered when you join the waitlist to become a sponsored developer (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)") +{% endif %} + +{% ifversion fpt or ghec %} +## `successor_invitation` category actions + +| Action | Description +|------------------|------------------- +| `accept` | Triggered when you accept a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") +| `cancel` | Triggered when you cancel a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") +| `create` | Triggered when you create a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") +| `decline` | Triggered when you decline a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") +| `revoke` | Triggered when you revoke a succession invitation (see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories)") +{% endif %} + +{% ifversion ghes or ghae %} + +## `team` category actions + +| Action | Description +|------------------|------------------- +| `add_member` | Triggered when a member of an organization you belong to [adds you to a team](/organizations/organizing-members-into-teams/adding-organization-members-to-a-team). +| `add_repository` | Triggered when a team you are a member of is given control of a repository. +| `create` | Triggered when a new team in an organization you belong to is created. +| `destroy` | Triggered when a team you are a member of is deleted from the organization. +| `remove_member` | Triggered when a member of an organization is [removed from a team](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team) you are a member of. +| `remove_repository` | Triggered when a repository is no longer under a team's control. + +{% endif %} + +{% ifversion not ghae %} +## `two_factor_authentication` category actions + +| Action | Description +|------------------|------------------- +| `enabled` | Triggered when [two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa) is enabled. +| `disabled` | Triggered when two-factor authentication is disabled. +{% endif %} + +## `user` category actions + +| Action | Description +|--------------------|--------------------- +| `add_email` | Triggered when you {% ifversion not ghae %}[add a new email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/changing-your-primary-email-address){% else %}add a new email address{% endif %}.{% ifversion fpt or ghec %} +| `codespaces_trusted_repo_access_granted` | Triggered when you [allow the codespaces you create for a repository to access other repositories owned by your personal account](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). +| `codespaces_trusted_repo_access_revoked` | Triggered when you [disallow the codespaces you create for a repository to access other repositories owned by your personal account](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). {% endif %} +| `create` | Triggered when you create a new personal account.{% ifversion not ghae %} +| `change_password` | Triggered when you change your password. +| `forgot_password` | Triggered when you ask for [a password reset](/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials).{% endif %} +| `hide_private_contributions_count` | Triggered when you [hide private contributions on your profile](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile). +| `login` | Triggered when you log in to {% data variables.location.product_location %}.{% ifversion ghes or ghae %} +`mandatory_message_viewed` | Triggered when you view a mandatory message (see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise)" for details) | {% endif %} +| `failed_login` | Triggered when you failed to log in successfully. +| `remove_email` | Triggered when you remove an email address. +| `rename` | Triggered when you rename your account.{% ifversion fpt or ghec %} +| `report_content` | Triggered when you [report an issue or pull request, or a comment on an issue, pull request, or commit](/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam).{% endif %} +| `show_private_contributions_count` | Triggered when you [publicize private contributions on your profile](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile).{% ifversion not ghae %} +| `two_factor_requested` | Triggered when {% data variables.product.product_name %} asks you for [your two-factor authentication code](/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication).{% endif %} + +## `user_status` category actions + +| Action | Description +|--------------------|--------------------- +| `update` | Triggered when you set or change the status on your profile. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status)." +| `destroy` | Triggered when you clear the status on your profile. diff --git a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index eb9e424bdce5..0fd2c9278be6 100644 --- a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -240,4 +240,4 @@ When a member of your organization {% ifversion not fpt %}or enterprise {% endif ![Screenshot of the audit log showing Dependabot alerts](/assets/images/help/dependabot/audit-log-UI-dependabot-alert.png){% endif %} -Events in your audit log for {% data variables.product.prodname_dependabot_alerts %} include details such as who performed the action, what the action was, and when the action was performed. {% ifversion dependabot-alerts-audit-log %}The event also includes a link to the alert itself. When a member of your organization dismisses an alert, the event displays the dismissal reason and comment.{% endif %} For information on the {% data variables.product.prodname_dependabot_alerts %} actions, see the `repository_vulnerability_alert` category in "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#repository_vulnerability_alert-category-actions){% ifversion not fpt %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#repository_vulnerability_alert-category-actions)."{% else %}."{% endif %} +Events in your audit log for {% data variables.product.prodname_dependabot_alerts %} include details such as who performed the action, what the action was, and when the action was performed. {% ifversion dependabot-alerts-audit-log %}The event also includes a link to the alert itself. When a member of your organization dismisses an alert, the event displays the dismissal reason and comment.{% endif %} For information on the {% data variables.product.prodname_dependabot_alerts %} actions, see the `repository_vulnerability_alert` category in "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_vulnerability_alert-category-actions){% ifversion not fpt %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#repository_vulnerability_alert-category-actions)."{% else %}."{% endif %} diff --git a/content/code-security/getting-started/auditing-security-alerts.md b/content/code-security/getting-started/auditing-security-alerts.md index afdab1ecc69a..8b01649f66d7 100644 --- a/content/code-security/getting-started/auditing-security-alerts.md +++ b/content/code-security/getting-started/auditing-security-alerts.md @@ -18,21 +18,21 @@ shortTitle: Audit security alerts ## About security tools for auditors -{% data variables.product.prodname_dotcom %} provides tools for security auditors and developers to review and analyze responses to security alerts within an enterprise or organization. This guide describes the tools, which include historical timelines, security overview, audit logs, the API, and webhooks. +{% data variables.product.prodname_dotcom %} provides tools for security auditors and developers to review and analyze responses to security alerts within an enterprise or organization. This guide describes the tools, which include historical timelines, security overview, audit logs, the API, and webhooks. -Security auditors can use these tools to ensure the appropriate actions are being taken to resolve security alerts and to identify areas for additional training. Developers can use these tools to monitor and debug their own security alerts. You will only see data for repositories and organizations to which you already have access. +Security auditors can use these tools to ensure the appropriate actions are being taken to resolve security alerts and to identify areas for additional training. Developers can use these tools to monitor and debug their own security alerts. You will only see data for repositories and organizations to which you already have access. ## Security alert timelines -Each security alert has a historical timeline that shows when the alert was created or when a problem was detected. When the status of an alert changes this is recorded on the timeline, regardless of what caused the change, for example, {% data variables.product.prodname_dependabot %} closing a fixed alert and a developer reopening an alert. You can see the historical timeline for an alert on the alert page under the description of the problem. +Each security alert has a historical timeline that shows when the alert was created or when a problem was detected. When the status of an alert changes this is recorded on the timeline, regardless of what caused the change, for example, {% data variables.product.prodname_dependabot %} closing a fixed alert and a developer reopening an alert. You can see the historical timeline for an alert on the alert page under the description of the problem. Many of the events in the timeline also create an event in the audit log, which you can query using the audit log UI or the API. For more information, see "[Audit log](/code-security/getting-started/auditing-security-alerts#audit-log)." ## Security overview page -Security overview consolidates information about security alerts and provides high-level summaries of the security status of your enterprise or organization. +Security overview consolidates information about security alerts and provides high-level summaries of the security status of your enterprise or organization. -In security overview you can see repositories with open security alerts{% ifversion security-overview-org-risk-coverage %}, as well as which repositories have enabled specific security features{% endif %}. You can also use security overview to filter and sort security alerts using interactive views. +In security overview you can see repositories with open security alerts{% ifversion security-overview-org-risk-coverage %}, as well as which repositories have enabled specific security features{% endif %}. You can also use security overview to filter and sort security alerts using interactive views. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)." @@ -44,7 +44,7 @@ You can access and search audit logs using the API or the audit log UI. The audi - {% data variables.product.prodname_dependabot %} events track when an alert is created, dismissed, or resolved. - {% data variables.product.prodname_code_scanning_caps %} does not create timeline events in an audit log. -For a list of audit log events, see "[Audit log events for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)" and "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)." +For a list of audit log events, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)." {% ifversion audit-log-streaming %} @@ -76,9 +76,9 @@ For more information, see "[{% data variables.product.prodname_dependabot %} ale You can list all {% data variables.product.prodname_secret_scanning %} alerts for a repository, organization, or enterprise, or use path parameters to list only alerts that meet a specific set of criteria. Alternatively, you can get full details for an alert or update the alert. -To see which {% data variables.product.prodname_secret_scanning %} alerts were the result of a push protection bypass, filter the results for `"push_protection_bypassed": true`. +To see which {% data variables.product.prodname_secret_scanning %} alerts were the result of a push protection bypass, filter the results for `"push_protection_bypassed": true`. -For more information, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/secret-scanning)." +For more information, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/secret-scanning)." ### {% data variables.product.prodname_code_scanning_caps %} alerts API diff --git a/content/codespaces/managing-codespaces-for-your-organization/reviewing-your-organizations-audit-logs-for-github-codespaces.md b/content/codespaces/managing-codespaces-for-your-organization/reviewing-your-organizations-audit-logs-for-github-codespaces.md index 5dac37cb80c3..f595b1bd1acf 100644 --- a/content/codespaces/managing-codespaces-for-your-organization/reviewing-your-organizations-audit-logs-for-github-codespaces.md +++ b/content/codespaces/managing-codespaces-for-your-organization/reviewing-your-organizations-audit-logs-for-github-codespaces.md @@ -19,7 +19,7 @@ When any member of your organization performs an action related to {% data varia ![Screenshot of the "Audit log" page for an organization, showing the "Recent events" list.](/assets/images/help/codespaces/codespaces-audit-log-org.png) -The audit log includes details such as who performed the action, what the action was, and when the action was performed. For information on {% data variables.product.prodname_github_codespaces %} actions, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#codespaces-category-actions)." +The audit log includes details such as who performed the action, what the action was, and when the action was performed. For information on {% data variables.product.prodname_github_codespaces %} actions, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#codespaces-category-actions)." ## Further reading diff --git a/content/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository.md b/content/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository.md index b59a90b28c7f..881c9fc77363 100644 --- a/content/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository.md +++ b/content/issues/tracking-your-work-with-issues/transferring-an-issue-to-another-repository.md @@ -54,6 +54,4 @@ gh issue transfer ISSUE {% ifversion ghes %}HOSTNAME/{% endif %}OWNER/REPO ## Further reading -- "[AUTOTITLE](/issues/tracking-your-work-with-issues/about-issues)" -- "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)" -- "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)" +- "[AUTOTITLE](/issues/tracking-your-work-with-issues/about-issues)" \ No newline at end of file diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization.md new file mode 100644 index 000000000000..b580128703aa --- /dev/null +++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization.md @@ -0,0 +1,726 @@ +--- +title: Audit log events for your organization +intro: Learn about audit log events recorded for your organization. +versions: + fpt: '*' + ghes: '*' + ghae: '*' + ghec: '*' +topics: + - Organizations + - Teams +shortTitle: Audit log events +--- + +{% ifversion fpt or ghec %} +## `account` category actions + +| Action | Description +|------------------|------------------- +| `billing_plan_change` | Triggered when an organization's [billing cycle](/billing/managing-your-github-billing-settings/changing-the-duration-of-your-billing-cycle) changes. +| `plan_change` | Triggered when an organization's [subscription](/billing/managing-billing-for-your-github-account/about-billing-for-github-accounts) changes. +| `pending_plan_change` | Triggered when an organization owner or billing manager [cancels or downgrades a paid subscription](/billing/managing-billing-for-your-github-account/how-does-upgrading-or-downgrading-affect-the-billing-process). +| `pending_subscription_change` | Triggered when a [{% data variables.product.prodname_marketplace %} free trial starts or expires](/billing/managing-billing-for-github-marketplace-apps/about-billing-for-github-marketplace). +{% endif %} + +{% ifversion fpt or ghec %} +## `advisory_credit` category actions + +| Action | Description +|------------------|------------------- +| `accept` | Triggered when someone accepts credit for a security advisory. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/editing-a-repository-security-advisory)." +| `create` | Triggered when the administrator of a security advisory adds someone to the credit section. +| `decline` | Triggered when someone declines credit for a security advisory. +| `destroy` | Triggered when the administrator of a security advisory removes someone from the credit section. +{% endif %} + +{% ifversion pat-v2 %} + +## `auto_approve_personal_access_token_requests` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when the organization must approve {% data variables.product.pat_v2 %}s before the tokens can access organization resources. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)." +| `enable` | Triggered when {% data variables.product.pat_v2 %}s can access organization resources without prior approval. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)." + +{% endif %} + +{% ifversion fpt or ghec %} +## `billing` category actions + +| Action | Description +|------------------|------------------- +| `change_billing_type` | Triggered when your organization [changes how it pays for {% data variables.product.prodname_dotcom %}](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method). +| `change_email` | Triggered when your organization's [billing email address](/billing/managing-your-github-billing-settings/setting-your-billing-email) changes. +{% endif %} + +## `business` category actions + +| Action | Description +|------------------|-------------------{% ifversion fpt or ghec %} +| `set_actions_fork_pr_approvals_policy` | Triggered when the setting for requiring approvals for workflows from public forks is changed for an enterprise. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise)."{% endif %} +| `set_actions_retention_limit` | Triggered when the retention period for {% data variables.product.prodname_actions %} artifacts and logs is changed for an enterprise. For more information, see "[Enforcing policies for {% data variables.product.prodname_actions %} in your enterprise]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise)."{% ifversion fpt or ghes or ghec %} +| `set_fork_pr_workflows_policy` | Triggered when the policy for workflows on private repository forks is changed. For more information, see "{% ifversion fpt or ghec%}[Enforcing policies for {% data variables.product.prodname_actions %} in your enterprise]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories){% else ifversion ghes > 2.22 %}[Enabling workflows for private repository forks](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enabling-workflows-for-private-repository-forks){% endif %}."{% endif %} + +{% ifversion fpt or ghec %} +## `codespaces` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a user [creates a codespace](/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository). +| `resume` | Triggered when a user resumes a suspended codespace. +| `delete` | Triggered when a user [deletes a codespace](/codespaces/developing-in-codespaces/deleting-a-codespace). +| `create_an_org_secret` | Triggered when a user creates an organization-level [secret for {% data variables.product.prodname_github_codespaces %}](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces#about-encrypted-secrets-for-codespaces) +| `update_an_org_secret` | Triggered when a user updates an organization-level [secret for {% data variables.product.prodname_github_codespaces %}](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces#about-encrypted-secrets-for-codespaces). +| `remove_an_org_secret` | Triggered when a user removes an organization-level [secret for {% data variables.product.prodname_github_codespaces %}](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces#about-encrypted-secrets-for-codespaces). +| `manage_access_and_security` | Triggered when a user updates [which repositories a codespace can access](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). +{% endif %} + +## `dependabot_alerts` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_alerts %} for all existing {% ifversion fpt or ghec %}private {% endif %}repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_alerts %} for all existing {% ifversion fpt or ghec %}private {% endif %}repositories. + +## `dependabot_alerts_new_repos` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_alerts %} for all new {% ifversion fpt or ghec %}private {% endif %}repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_alerts %} for all new {% ifversion fpt or ghec %}private {% endif %}repositories. + +{% ifversion fpt or ghec or ghes %} +## `dependabot_security_updates` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_security_updates %} for all existing repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_security_updates %} for all existing repositories. + +## `dependabot_security_updates_new_repos` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_security_updates %} for all new repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_security_updates %} for all new repositories. +{% endif %} + +{% ifversion fpt or ghec %} +## `dependency_graph` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables the dependency graph for all existing repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables the dependency graph for all existing repositories. + +## `dependency_graph_new_repos` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables the dependency graph for all new repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." +| `enable` | Triggered when an organization owner enables the dependency graph for all new repositories. +{% endif %} + +## `discussion_post` category actions + +| Action | Description +|------------------|------------------- +| `update` | Triggered when [a team discussion post is edited](/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment). +| `destroy` | Triggered when [a team discussion post is deleted](/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment). + +## `discussion_post_reply` category actions + +| Action | Description +|------------------|------------------- +| `update` | Triggered when [a reply to a team discussion post is edited](/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment). +| `destroy` | Triggered when [a reply to a team discussion post is deleted](/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment). + +{% ifversion fpt or ghes or ghec %} +## `enterprise` category actions + +{% data reusables.actions.actions-audit-events-for-enterprise %} + +{% endif %} + +{% ifversion fpt or ghec %} +## `environment` category actions + +| Action | Description +|------------------|------------------- +| `create_actions_secret` | Triggered when a secret is created in an environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." +| `delete` | Triggered when an environment is deleted. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment)." +| `remove_actions_secret` | Triggered when a secret is removed from an environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." +| `update_actions_secret` | Triggered when a secret in an environment is updated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." +{% endif %} + +{% ifversion ghae %} +## `external_group` category actions + +{% data reusables.saml.external-group-audit-events %} + +{% endif %} + +{% ifversion ghae %} +## `external_identity` category actions + +{% data reusables.saml.external-identity-audit-events %} + +{% endif %} + +{% ifversion fpt or ghec %} +## `git` category actions + +{% note %} + +**Note:** To access Git events in the audit log, you must use the audit log REST API. The audit log REST API is available for users of {% data variables.product.prodname_ghe_cloud %} only. For more information, see "[AUTOTITLE](/rest/orgs#get-the-audit-log-for-an-organization)." + +{% endnote %} + +{% data reusables.audit_log.audit-log-git-events-retention %} + +| Action | Description +|---------|---------------------------- +| `clone` | Triggered when a repository is cloned. +| `fetch` | Triggered when changes are fetched from a repository. +| `push` | Triggered when changes are pushed to a repository. + +{% endif %} + +## `hook` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when [a new hook was added](/get-started/exploring-integrations/about-webhooks) to a repository owned by your organization. +| `config_changed` | Triggered when an existing hook has its configuration altered. +| `destroy` | Triggered when an existing hook was removed from a repository. +| `events_changed` | Triggered when the events on a hook have been altered. + +## `integration_installation` category actions + +| Action | Description +|--------|------------- +| `contact_email_changed` | A contact email for an integration was changed. +| `create` | An integration was installed. +| `destroy` | An integration was uninstalled. +| `repositories_added` | Repositories were added to an integration. +| `repositories_removed` | Repositories were removed from an integration. +{%- ifversion fpt or ghec %} +| `suspend` | An integration was suspended. +| `unsuspend` | An integration was unsuspended. +{%- endif %} +| `version_updated` | Permissions for an integration were updated. + +## `integration_installation_request` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when an organization member requests that an organization owner install an integration for use in the organization. +| `close` | Triggered when a request to install an integration for use in an organization is either approved or denied by an organization owner, or canceled by the organization member who opened the request. + +{% ifversion ghec or ghae %} +## `ip_allow_list` category actions + +| Action | Description +|------------------|------------------- +| `enable` | Triggered when an IP allow list was enabled for an organization. +| `disable` | Triggered when an IP allow list was disabled for an organization. +| `enable_for_installed_apps` | Triggered when an IP allow list was enabled for installed {% data variables.product.prodname_github_apps %}. +| `disable_for_installed_apps` | Triggered when an IP allow list was disabled for installed {% data variables.product.prodname_github_apps %}. + +## `ip_allow_list_entry` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when an IP address was added to an IP allow list. +| `update` | Triggered when an IP address or its description was changed. +| `destroy` | Triggered when an IP address was deleted from an IP allow list. +{% endif %} + +## `issue` category actions + +| Action | Description +|------------------|------------------- +| `destroy` | Triggered when an organization owner or someone with admin permissions in a repository deletes an issue from an organization-owned repository. + +{% ifversion fpt or ghec %} + +## `marketplace_agreement_signature` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when you sign the {% data variables.product.prodname_marketplace %} Developer Agreement. + +## `marketplace_listing` category actions + +| Action | Description +|------------------|------------------- +| `approve` | Triggered when your listing is approved for inclusion in {% data variables.product.prodname_marketplace %}. +| `create` | Triggered when you create a listing for your app in {% data variables.product.prodname_marketplace %}. +| `delist` | Triggered when your listing is removed from {% data variables.product.prodname_marketplace %}. +| `redraft` | Triggered when your listing is sent back to draft state. +| `reject` | Triggered when your listing is not accepted for inclusion in {% data variables.product.prodname_marketplace %}. + +{% endif %} + +{% ifversion fpt or ghes or ghec %} + +## `members_can_create_pages` category actions + +For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)." + +| Action | Description | +| :- | :- | +| `enable` | Triggered when an organization owner enables publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. | +| `disable` | Triggered when an organization owner disables publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. | + +{% endif %} + +## `oauth_application` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a new {% data variables.product.prodname_oauth_app %} is created. +| `destroy` | Triggered when an existing {% data variables.product.prodname_oauth_app %} is deleted. +| `reset_secret` | Triggered when an {% data variables.product.prodname_oauth_app %}'s client secret is reset. +| `revoke_tokens` | Triggered when an {% data variables.product.prodname_oauth_app %}'s user tokens are revoked. +| `transfer` | Triggered when an existing {% data variables.product.prodname_oauth_app %} is transferred to a new organization. + +## `org` category actions + +| Action | Description +|------------------|------------------- +| `add_member` | Triggered when a user joins an organization. +| `advanced_security_policy_selected_member_disabled` | Triggered when an enterprise owner prevents {% data variables.product.prodname_GH_advanced_security %} features from being enabled for repositories owned by the organization. {% data reusables.advanced-security.more-information-about-enforcement-policy %} +| `advanced_security_policy_selected_member_enabled` | Triggered when an enterprise owner allows {% data variables.product.prodname_GH_advanced_security %} features to be enabled for repositories owned by the organization. {% data reusables.advanced-security.more-information-about-enforcement-policy %}{% ifversion fpt or ghec %} +| `audit_log_export` | Triggered when an organization admin [creates an export of the organization audit log](#exporting-the-audit-log). If the export included a query, the log will list the query used and the number of audit log entries matching that query. +| `block_user` | Triggered when an organization owner [blocks a user from accessing the organization's repositories](/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization). +| `cancel_invitation` | Triggered when an organization invitation has been revoked. {% endif %}{% ifversion org-enable-code-scanning %} +| `codeql_disabled` | Triggered when an organization owner or person with admin access to the organization disables {% data variables.product.prodname_code_scanning %} for repositories that use the default setup for {% data variables.product.prodname_codeql %}. +| `codeql_enabled` | Triggered when an organization owner or person with admin access to the organization enables {% data variables.product.prodname_code_scanning %} for repositories that are eligible to use the default setup for {% data variables.product.prodname_codeql %}. {% endif %}{% ifversion fpt or ghes or ghec %} +| `create_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is created for an organization. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-an-organization)."{% endif %} {% ifversion fpt or ghec %} +| `disable_oauth_app_restrictions` | Triggered when an owner [disables {% data variables.product.prodname_oauth_app %} access restrictions](/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization) for your organization.{% ifversion ghec %} +| `disable_saml` | Triggered when an organization admin disables SAML single sign-on for an organization.{% endif %}{% endif %}{% ifversion display-ip-org-audit-log %} +| `disable_source_ip_disclosure` | Triggered when an organization owner disables the display of IP addresses in the audit log for the organization. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization)." | {% endif %} +| `disable_member_team_creation_permission` | Triggered when an organization owner limits team creation to owners. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization)." |{% ifversion not ghae %} +| `disable_two_factor_requirement` | Triggered when an owner disables a two-factor authentication requirement for all members{% ifversion fpt or ghec %}, billing managers,{% endif %} and outside collaborators in an organization.{% endif %}{% ifversion fpt or ghec %} +| `enable_oauth_app_restrictions` | Triggered when an owner [enables {% data variables.product.prodname_oauth_app %} access restrictions](/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization) for your organization.{% ifversion ghec %} +| `enable_saml` | Triggered when an organization admin [enables SAML single sign-on](/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization) for an organization.{% endif %}{% endif %} +| `enable_member_team_creation_permission` | Triggered when an organization owner allows members to create teams. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization)." |{% ifversion display-ip-org-audit-log %} +| `enable_source_ip_disclosure` | Triggered when an organization owner enables the display of IP addresses in the audit log for the organization. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization)." | {% endif %}{% ifversion not ghae %} +| `enable_two_factor_requirement` | Triggered when an owner requires two-factor authentication for all members{% ifversion fpt or ghec %}, billing managers,{% endif %} and outside collaborators in an organization.{% endif %}{% ifversion fpt or ghec %} +| `invite_member` | Triggered when [a new user was invited to join your organization](/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization). +| `oauth_app_access_approved` | Triggered when an owner [grants organization access to an {% data variables.product.prodname_oauth_app %}](/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization). +| `oauth_app_access_denied` | Triggered when an owner [disables a previously approved {% data variables.product.prodname_oauth_app %}'s access](/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization) to your organization. +| `oauth_app_access_requested` | Triggered when an organization member requests that an owner grant an {% data variables.product.prodname_oauth_app %} access to your organization.{% endif %} +{%- ifversion ghec %} +| `org.transfer` | Triggered when an organization is transferred between enterprise accounts. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts)." +{%- endif %} +| `register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization)." +| `remove_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is removed.{% ifversion fpt or ghec %} +| `remove_billing_manager` | Triggered when an [owner removes a billing manager from an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization) or when [two-factor authentication is required in an organization](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) and a billing manager doesn't use 2FA or disables 2FA. |{% endif %} +| `remove_member` | Triggered when an [owner removes a member from an organization](/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization){% ifversion not ghae %} or when [two-factor authentication is required in an organization](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) and an organization member doesn't use 2FA or disables 2FA{% endif %}. Also triggered when an [organization member removes themselves](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization) from an organization.| +| `remove_outside_collaborator` | Triggered when an owner removes an outside collaborator from an organization{% ifversion not ghae %} or when [two-factor authentication is required in an organization](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) and an outside collaborator does not use 2FA or disables 2FA{% endif %}. | +| `remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization)." {% ifversion ghec %} +| `revoke_external_identity` | Triggered when an organization owner revokes a member's linked identity. For more information, see "[AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity)." +| `revoke_sso_session` | Triggered when an organization owner revokes a member's SAML session. For more information, see "[AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity)." {% endif %} +{%- ifversion required-workflows %} +| `required_workflow_create` | Triggered when a required workflow is created. For more information, see "[AUTOTITLE](/actions/using-workflows/required-workflows)." +| `required_workflow_update` | Triggered when a required workflow is updated. For more information, see "[AUTOTITLE](/actions/using-workflows/required-workflows)." +| `required_workflow_delete` | Triggered when a required workflow is deleted. For more information, see "[AUTOTITLE](/actions/using-workflows/required-workflows)." +{%- endif %} +| `runner_group_created` | Triggered when a self-hosted runner group is created. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization)." +| `runner_group_removed` | Triggered when a self-hosted runner group is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group)." +| `runner_group_updated` | Triggered when the configuration of a self-hosted runner group is changed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)." +| `runner_group_runners_added` | Triggered when a self-hosted runner is added to a group. For more information, see [Moving a self-hosted runner to a group](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group). +| `runner_group_runner_removed` | Triggered when the REST API is used to remove a self-hosted runner from a group. For more information, see "[AUTOTITLE](/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization)." +| `runner_group_runners_updated`| Triggered when a runner group's list of members is updated. For more information, see "[AUTOTITLE](/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization)."{% ifversion secret-scanning-custom-pattern-push-protection-audit %} +| `secret_scanning_custom_pattern_push_protection_disabled`| Triggered when an organization owner or person with admin access disables push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)." +| `secret_scanning_custom_pattern_push_protection_enabled`| Triggered when an organization owner or person with admin access enables push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)."{% endif %} +{%- ifversion code-security-audit-log-events %} +| `secret_scanning_push_protection_custom_message_disabled` | Triggered when an organization owner or admin disables the custom message triggered by an attempted push to a push-protected repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)." +| `secret_scanning_push_protection_custom_message_enabled` | Triggered when an organization owner or admin enables the custom message triggered by an attempted push to a push-protected repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)." +| `secret_scanning_push_protection_custom_message_updated` | Triggered when an organization owner or admin updates the custom message triggered by an attempted push to a push-protected repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)." +{%- endif %} +{%- ifversion secret-scanning-audit-log-custom-patterns %} +| `secret_scanning_push_protection_disable ` | Triggered when an organization owner or person with admin access to the organization disables push protection for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." +| `secret_scanning_push_protection_enable ` | Triggered when an organization owner or person with admin access to the organization enables push protection for {% data variables.product.prodname_secret_scanning %}.{%- endif %} +| `self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." +| `self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)."{% ifversion fpt or ghes or ghec %} +| `self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)."{% endif %}{% ifversion fpt or ghec %} +| `set_actions_fork_pr_approvals_policy` | Triggered when the setting for requiring approvals for workflows from public forks is changed for an organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks)."{% endif %} +| `set_actions_retention_limit` | Triggered when the retention period for {% data variables.product.prodname_actions %} artifacts and logs is changed. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise)."{% ifversion fpt or ghes or ghec %} +| `set_fork_pr_workflows_policy` | Triggered when the policy for workflows on private repository forks is changed. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks)."{% endif %}{% ifversion fpt or ghec %} +| `unblock_user` | Triggered when an organization owner [unblocks a user from an organization](/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization).{% endif %}{% ifversion fpt or ghes or ghec %} +| `update_actions_secret` |Triggered when a {% data variables.product.prodname_actions %} secret is updated.{% endif %} +| `update_new_repository_default_branch_setting` | Triggered when an owner changes the name of the default branch for new repositories in the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization)." +| `update_default_repository_permission` | Triggered when an owner changes the default repository permission level for organization members. +| `update_member` | Triggered when an owner changes a person's role from owner to member or member to owner. +| `update_member_repository_creation_permission` | Triggered when an owner changes the create repository permission for organization members.{% ifversion fpt or ghec %} +| `update_saml_provider_settings` | Triggered when an organization's SAML provider settings are updated. +| `update_terms_of_service` | Triggered when an organization changes between the Standard Terms of Service and the Corporate Terms of Service. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/upgrading-to-the-corporate-terms-of-service)."{% endif %} + +{% ifversion ghec %} +## `org_credential_authorization` category actions + +| Action | Description +|------------------|------------------- +| `grant` | Triggered when a member [authorizes credentials for use with SAML single sign-on](/authentication/authenticating-with-saml-single-sign-on). +| `deauthorized` | Triggered when a member [deauthorizes credentials for use with SAML single sign-on](/authentication/authenticating-with-saml-single-sign-on). +| `revoke` | Triggered when an owner [revokes authorized credentials](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization). + +{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} + +## `org_secret_scanning_custom_pattern` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a custom pattern is published for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)." +| `update` | Triggered when changes to a custom pattern are saved for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern)." +| `delete` | Triggered when a custom pattern is removed from {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern)." + +{% endif %} + +## `organization_default_label` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a default label is created. +| `update` | Triggered when a default label is edited. +| `destroy` | Triggered when a default label is deleted. + +## `packages` category actions + +| Action | Description | +|--------|-------------| +| `package_version_published` | Triggered when a package version is published. | +| `package_version_deleted` | Triggered when a specific package version is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)." +| `package_deleted` | Triggered when an entire package is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)." +| `package_version_restored` | Triggered when a specific package version is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)." +| `package_restored` | Triggered when an entire package is restored. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)." + +{% ifversion fpt or ghec %} + +## `payment_method` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a new payment method is added, such as a new credit card or PayPal account. +| `update` | Triggered when an existing payment method is updated. + +{% endif %} + +{% ifversion pat-v2 %} + +## `personal_access_token` category actions + +| Action | Description +|------------------|------------------- +| `access_granted` | Triggered when a {% data variables.product.pat_v2 %} is granted access to organization resources. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization)." +| `access_revoked` | Triggered when access to organization resources by a {% data variables.product.pat_v2 %} is revoked. The token can still read public organization resources. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization)." +| `request_cancelled` | Triggered when a member of the organization cancels a request for their {% data variables.product.pat_v2 %} to access organization resources. +| `request_created` | Triggered when a member of the organization creates a {% data variables.product.pat_v2 %} to access organization resources and the organization requires approval before a {% data variables.product.pat_v2 %} can access organization resources. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization)." +| `request_denied` | Triggered when a request for a {% data variables.product.pat_v2 %} to access organization resources is denied. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization)." + +{% endif %} + +## `profile_picture` category actions +| Action | Description +|------------------|------------------- +| update | Triggered when you set or update your organization's profile picture. + +## `project` category actions + +| Action | Description +|--------------------|--------------------- +| `create` | Triggered when a project board is created. +| `link` | Triggered when a repository is linked to a project board. +| `rename` | Triggered when a project board is renamed. +| `update` | Triggered when a project board is updated. +| `delete` | Triggered when a project board is deleted. +| `unlink` | Triggered when a repository is unlinked from a project board. +| `update_org_permission` | Triggered when the base-level permission for all organization members is changed or removed. | +| `update_team_permission` | Triggered when a team's project board permission level is changed or when a team is added or removed from a project board. | +| `update_user_permission` | Triggered when an organization member or outside collaborator is added to or removed from a project board or has their permission level changed.| + +## `protected_branch` category actions + +| Action | Description +|--------------------|--------------------- +| `create ` | Triggered when branch protection is enabled on a branch. +| `destroy` | Triggered when branch protection is disabled on a branch. +| `update_admin_enforced ` | Triggered when branch protection is enforced for repository administrators. +| `update_require_code_owner_review ` | Triggered when enforcement of required Code Owner review is updated on a branch. +| `dismiss_stale_reviews ` | Triggered when enforcement of dismissing stale pull requests is updated on a branch. +| `update_signature_requirement_enforcement_level ` | Triggered when enforcement of required commit signing is updated on a branch. +| `update_pull_request_reviews_enforcement_level ` | Triggered when enforcement of required pull request reviews is updated on a branch. Can be one of `0`(deactivated), `1`(non-admins), `2`(everyone). +| `update_required_status_checks_enforcement_level ` | Triggered when enforcement of required status checks is updated on a branch. +| `update_strict_required_status_checks_policy` | Triggered when the requirement for a branch to be up to date before merging is changed. +| `rejected_ref_update ` | Triggered when a branch update attempt is rejected. +| `policy_override ` | Triggered when a branch protection requirement is overridden by a repository administrator. +| `update_allow_force_pushes_enforcement_level ` | Triggered when force pushes are enabled or disabled for a protected branch. +| `update_allow_deletions_enforcement_level ` | Triggered when branch deletion is enabled or disabled for a protected branch. +| `update_linear_history_requirement_enforcement_level ` | Triggered when required linear commit history is enabled or disabled for a protected branch. + +## `pull_request` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a pull request is created. +| `close` | Triggered when a pull request is closed without being merged. +| `reopen` | Triggered when a pull request is reopened after previously being closed. +| `merge` | Triggered when a pull request is merged. +| `indirect_merge` | Triggered when a pull request is considered merged because its commits were merged into the target branch. +| `ready_for_review` | Triggered when a pull request is marked as ready for review. +| `converted_to_draft` | Triggered when a pull request is converted to a draft. +| `create_review_request` | Triggered when a review is requested. +| `remove_review_request` | Triggered when a review request is removed. + +## `pull_request_review` category actions + +| Action | Description +|------------------|------------------- +| `submit` | Triggered when a review is submitted. +| `dismiss` | Triggered when a review is dismissed. +| `delete` | Triggered when a review is deleted. + +## `pull_request_review_comment` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a review comment is added. +| `update` | Triggered when a review comment is changed. +| `delete` | Triggered when a review comment is deleted. + +## `repo` category actions + +| Action | Description +|------------------|------------------- +| `access` | Triggered when a user [changes the visibility](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility) of a repository in the organization. +| `actions_enabled` | Triggered when {% data variables.product.prodname_actions %} is enabled for a repository. Can be viewed using the UI. This event is not included when you access the audit log using the REST API. For more information, see "[Using the audit log API](#using-the-audit-log-api)." +| `add_member` | Triggered when a user accepts an [invitation to have collaboration access to a repository](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository). +| `add_topic` | Triggered when a repository admin [adds a topic](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics) to a repository. +| `advanced_security_disabled` | Triggered when a repository administrator disables {% data variables.product.prodname_GH_advanced_security %} features for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." +| `advanced_security_enabled` | Triggered when a repository administrator enables {% data variables.product.prodname_GH_advanced_security %} features for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository).". +| `archived` | Triggered when a repository admin [archives a repository](/repositories/archiving-a-github-repository/archiving-repositories). +{%- ifversion remove-code-scanning-configurations %} +| `code_scanning_configuration_for_branch_deleted` | Triggered when a {% data variables.product.prodname_code_scanning %} configuration for a branch of a repository is deleted. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch)." +{%- endif %} +{%- ifversion ghes %} +| `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/enabling-anonymous-git-read-access-for-a-repository) in a public repository. +| `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/enabling-anonymous-git-read-access-for-a-repository) in a public repository. +| `config.lock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is locked](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise). +| `config.unlock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is unlocked](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise).{% endif %} +| `create` | Triggered when [a new repository is created](/repositories/creating-and-managing-repositories/creating-a-new-repository).{% ifversion fpt or ghes or ghec %} +| `create_actions_secret` |Triggered when a {% data variables.product.prodname_actions %} secret is created for a repository. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository)."{% endif %} +| `destroy` | Triggered when [a repository is deleted](/repositories/creating-and-managing-repositories/deleting-a-repository).{% ifversion fpt or ghec %} +| `disable` | Triggered when a repository is disabled (e.g., for [insufficient funds](/billing/managing-your-github-billing-settings/unlocking-a-locked-account)).{% endif %} +| `download_zip` | A source code archive of a repository was downloaded as a ZIP file. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/downloading-source-code-archives)." +| `enable` | Triggered when a repository is re-enabled.{% ifversion fpt or ghes or ghec %} +| `remove_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is removed.{% endif %} +| `remove_member` | Triggered when a user is [removed from a repository as a collaborator](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository). +| `register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository)." +| `remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository)." +| `remove_topic` | Triggered when a repository admin removes a topic from a repository. +| `rename` | Triggered when [a repository is renamed](/repositories/creating-and-managing-repositories/renaming-a-repository). +| `self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." +| `self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)."{% ifversion fpt or ghes or ghec %} +| `self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)."{% endif %}{% ifversion fpt or ghec %} +| `set_actions_fork_pr_approvals_policy` | Triggered when the setting for requiring approvals for workflows from public forks is changed. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks)."{% endif %} +| `set_actions_retention_limit` | Triggered when the retention period for {% data variables.product.prodname_actions %} artifacts and logs is changed. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository)."{% ifversion fpt or ghes or ghec %} +| `set_fork_pr_workflows_policy` | Triggered when the policy for workflows on private repository forks is changed. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks)."{% endif %} +| `staff_unlock` | Triggered when an enterprise owner or {% data variables.contact.github_support %} (with permission from a repository administrator) temporarily unlocked the repository. The visibility of the repository isn't changed. +| `transfer` | Triggered when [a repository is transferred](/repositories/creating-and-managing-repositories/transferring-a-repository). +| `transfer_start` | Triggered when a repository transfer is about to occur. +| `unarchived` | Triggered when a repository admin unarchives a repository.{% ifversion fpt or ghes or ghec %} +| `update_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is updated.{% endif %} + +{% ifversion fpt or ghec %} + +## `repository_advisory` category actions + +| Action | Description +|------------------|------------------- +| `close` | Triggered when someone closes a security advisory. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories)." +| `cve_request` | Triggered when someone requests a CVE (Common Vulnerabilities and Exposures) number from {% data variables.product.prodname_dotcom %} for a draft security advisory. +| `github_broadcast` | Triggered when {% data variables.product.prodname_dotcom %} makes a security advisory public in the {% data variables.product.prodname_advisory_database %}. +| `github_withdraw` | Triggered when {% data variables.product.prodname_dotcom %} withdraws a security advisory that was published in error. +| `open` | Triggered when someone opens a draft security advisory. +| `publish` | Triggered when someone publishes a security advisory. +| `reopen` | Triggered when someone reopens as draft security advisory. +| `update` | Triggered when someone edits a draft or published security advisory. + +## `repository_content_analysis` category actions + +| Action | Description +|------------------|------------------- +| `enable` | Triggered when an organization owner or person with admin access to the repository [enables data use settings for a private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository). +| `disable` | Triggered when an organization owner or person with admin access to the repository [disables data use settings for a private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository). + +{% endif %}{% ifversion fpt or ghec %} + +## `repository_dependency_graph` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when a repository owner or person with admin access to the repository disables the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." +| `enable` | Triggered when a repository owner or person with admin access to the repository enables the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. + +{% endif %} + +## `repository_invitation` category actions + +| Action | Description +|--------|------------- +| `repository_invitation.accept` | An invitation to join a repository was accepted. +| `repository_invitation.cancel` | An invitation to join a repository was canceled. +| `repository_invitation.create` | An invitation to join a repository was sent. +| `repository_invitation.reject` | An invitation to join a repository was declined. + +{% ifversion ghec or ghes or ghae %} +## `repository_secret_scanning` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when a repository owner or person with admin access to the repository disables {% data variables.product.prodname_secret_scanning %} for a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." +| `enable` | Triggered when a repository owner or person with admin access to the repository enables {% data variables.product.prodname_secret_scanning %} for a repository. + +{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} + +## `repository_secret_scanning_custom_pattern` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when a custom pattern is published for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)." +| `update` | Triggered when changes to a custom pattern are saved for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern)." +| `delete` | Triggered when a custom pattern is removed from {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern)." + +{% endif %}{% ifversion secret-scanning-custom-pattern-push-protection-audit %} + +## `repository_secret_scanning_custom_pattern_push_protection` category actions + +| Action | Description +|------------------|------------------- +| `enable` | Triggered when a repository owner or person with admin access to a repository enables push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)." +| `disable` | Triggered when a repository owner or person with admin access to a repository disables push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)." + +{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} + +## `repository_secret_scanning_push_protection` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when a repository owner or person with admin access to the repository disables {% data variables.product.prodname_secret_scanning %} for a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." +| `enable` | Triggered when a repository owner or person with admin access to the repository enables {% data variables.product.prodname_secret_scanning %} for a repository. + +{% endif %} +## `repository_vulnerability_alert` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." +| `dismiss` | Triggered when an organization owner or person with admin{% ifversion dependabot-alerts-permissions-write-maintain %}, write, or maintain{% endif %} access to the repository dismisses a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency. +| `resolve` | Triggered when someone with write {% ifversion dependabot-alerts-permissions-write-maintain %}or maintain{% endif %} access to a repository pushes changes to update and resolve a vulnerability in a project dependency. +{% ifversion fpt or ghec %} +## `repository_vulnerability_alerts` category actions + +| Action | Description +|------------------|------------------- +| `authorized_users_teams` | Triggered when an organization owner or a person with admin permissions to the repository updates the list of people or teams authorized to receive {% data variables.product.prodname_dependabot_alerts %} for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)." +| `disable` | Triggered when a repository owner or person with admin access to the repository disables {% data variables.product.prodname_dependabot_alerts %}. +| `enable` | Triggered when a repository owner or person with admin access to the repository enables {% data variables.product.prodname_dependabot_alerts %}. + +{% endif %}{% ifversion custom-repository-roles %} +## `role` category actions +| Action | Description +|------------------|------------------- +|`create` | Triggered when an organization owner creates a new custom repository role. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)." +|`destroy` | Triggered when an organization owner deletes a custom repository role. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)." +|`update` | Triggered when an organization owner edits an existing custom repository role. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)." + +{% endif %} +{% ifversion ghec or ghes or ghae %} +## `secret_scanning` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_secret_scanning %} for all existing{% ifversion ghec %}, private or internal{% endif %} repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_secret_scanning %} for all existing{% ifversion ghec %}, private or internal{% endif %} repositories. +{% endif %} + +{% ifversion secret-scanning-alert-audit-log %} +## `secret_scanning_alert` category actions + +| Action | Description +|------------------|------------------- +| `create` | Triggered when {% data variables.product.prodname_dotcom %} detects an exposed secret and creates a {% data variables.product.prodname_secret_scanning %} alert. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)." +| `reopen` | Triggered when a user reopens a {% data variables.product.prodname_secret_scanning %} alert. +| `resolve` | Triggered when a user resolves a {% data variables.product.prodname_secret_scanning %} alert. +{% endif %} + +{% ifversion ghec or ghes or ghae %} +## `secret_scanning_new_repos` category actions + +| Action | Description +|------------------|------------------- +| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_secret_scanning %} for all new {% ifversion ghec %}private or internal {% endif %}repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." +| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_secret_scanning %} for all new {% ifversion ghec %}private or internal {% endif %}repositories. +{% endif %} + +{% ifversion secret-scanning-push-protection-bypasses %} +## `secret_scanning_push_protection` category actions + +| Action | Description +|------------------|------------------- +| `bypass` | Triggered when a user bypasses the push protection on a secret detected by {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret)." +{% endif %} + +{% ifversion fpt or ghec %} +## `sponsors` category actions + +| Action | Description +|------------------|------------------- +| `custom_amount_settings_change` | Triggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)") +| `repo_funding_links_file_action` | Triggered when you change the FUNDING file in your repository (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)") +| `sponsor_sponsorship_cancel` | Triggered when you cancel a sponsorship (see "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship)") +| `sponsor_sponsorship_create` | Triggered when you sponsor an account (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)") +| `sponsor_sponsorship_payment_complete` | Triggered after you sponsor an account and your payment has been processed (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)") +| `sponsor_sponsorship_preference_change` | Triggered when you change whether you receive email updates from a sponsored account (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship)") +| `sponsor_sponsorship_tier_change` | Triggered when you upgrade or downgrade your sponsorship (see "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship)" and "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship)") +| `sponsored_developer_approve` | Triggered when your {% data variables.product.prodname_sponsors %} account is approved (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") +| `sponsored_developer_create` | Triggered when your {% data variables.product.prodname_sponsors %} account is created (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") +| `sponsored_developer_disable` | Triggered when your {% data variables.product.prodname_sponsors %} account is disabled +| `sponsored_developer_redraft` | Triggered when your {% data variables.product.prodname_sponsors %} account is returned to draft state from approved state +| `sponsored_developer_profile_update` | Triggered when you edit your sponsored organization profile (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors)") +| `sponsored_developer_request_approval` | Triggered when you submit your application for {% data variables.product.prodname_sponsors %} for approval (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") +| `sponsored_developer_tier_description_update` | Triggered when you change the description for a sponsorship tier (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)") +| `sponsored_developer_update_newsletter_send` | Triggered when you send an email update to your sponsors (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors)") +| `waitlist_invite_sponsored_developer` | Triggered when you are invited to join {% data variables.product.prodname_sponsors %} from the waitlist (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") +| `waitlist_join` | Triggered when you join the waitlist to become a sponsored organization (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") +{% endif %} + +## `team` category actions + +| Action | Description +|------------------|------------------- +| `add_member` | Triggered when a member of an organization is [added to a team](/organizations/organizing-members-into-teams/adding-organization-members-to-a-team). +| `add_repository` | Triggered when a team is given control of a repository. +| `change_parent_team` | Triggered when a child team is created or [a child team's parent is changed](/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy). +| `change_privacy` | Triggered when a team's privacy level is changed. +| `create` | Triggered when a new team is created. +| `demote_maintainer` | Triggered when a user was demoted from a team maintainer to a team member. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)." +| `destroy` | Triggered when a team is deleted from the organization. +| `team.promote_maintainer` | Triggered when a user was promoted from a team member to a team maintainer. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)." +| `remove_member` | Triggered when a member of an organization is [removed from a team](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team). +| `remove_repository` | Triggered when a repository is no longer under a team's control. + +## `team_discussions` category actions + +| Action | Description +|---|---| +| `disable` | Triggered when an organization owner disables team discussions for an organization. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization)." +| `enable` | Triggered when an organization owner enables team discussions for an organization. + +## `workflows` category actions + +{% data reusables.actions.actions-audit-events-workflow %} diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/index.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/index.md index 0aa25f0a59a0..e70881aadaee 100644 --- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/index.md +++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/index.md @@ -16,5 +16,6 @@ children: - /restricting-email-notifications-for-your-organization - /reviewing-the-audit-log-for-your-organization - /displaying-ip-addresses-in-the-audit-log-for-your-organization + - /audit-log-events-for-your-organization - /accessing-compliance-reports-for-your-organization --- diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md index ea1b50db648a..185d67f6a8f3 100644 --- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md +++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md @@ -32,62 +32,63 @@ The audit log lists events triggered by activities that affect your organization ### Search based on the action performed -To search for specific events, use the `action` qualifier in your query. Actions listed in the audit log are grouped in different categories. +To search for specific events, use the `action` qualifier in your query. Actions listed in the audit log are grouped in different categories. For the full list of events in each category, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)." + | Category name | Description |------------------|-------------------{% ifversion fpt or ghec %} -| [`account`](#account-category-actions) | Contains all activities related to your organization account.{% endif %}{% ifversion fpt or ghec %} -| [`advisory_credit`](#advisory_credit-category-actions) | Contains all activities related to crediting a contributor for a security advisory in the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories)."{% endif %}{% ifversion pat-v2%} -| [`auto_approve_personal_access_token_requests`](#auto_approve_personal_access_token_requests-category-actions) | Contains activities related to your organization's approval policy for {% data variables.product.pat_v2 %}s. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)."{% endif %}{% ifversion fpt or ghec %} -| [`billing`](#billing-category-actions) | Contains all activities related to your organization's billing.{% endif %}{% ifversion fpt or ghec %} -| [`business`](#business-category-actions) | Contains activities related to business settings for an enterprise. |{% endif %}{% ifversion fpt or ghec %} -| [`codespaces`](#codespaces-category-actions) | Contains all activities related to your organization's codespaces. |{% endif %} -| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." -| [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization.{% ifversion fpt or ghec or ghes %} -| [`dependabot_security_updates`](#dependabot_security_updates-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." -| [`dependabot_security_updates_new_repos`](#dependabot_security_updates_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization.{% endif %}{% ifversion fpt or ghec %} -| [`dependency_graph`](#dependency_graph-category-actions) | Contains organization-level configuration activities for dependency graphs for repositories. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." -| [`dependency_graph_new_repos`](#dependency_graph_new_repos-category-actions) | Contains organization-level configuration activities for new repositories created in the organization.{% endif %} -| [`discussion_post`](#discussion_post-category-actions) | Contains all activities related to discussions posted to a team page. -| [`discussion_post_reply`](#discussion_post_reply-category-actions) | Contains all activities related to replies to discussions posted to a team page.{% ifversion fpt or ghes or ghec %} -| [`enterprise`](#enterprise-category-actions) | Contains activities related to enterprise settings. |{% endif %} -| [`hook`](#hook-category-actions) | Contains all activities related to webhooks. -| [`integration_installation`](#integration_installation-category-actions) | Contains activities related to integrations installed in an account. | -| [`integration_installation_request`](#integration_installation_request-category-actions) | Contains all activities related to organization member requests for owners to approve integrations for use in the organization. |{% ifversion ghec or ghae %} -| [`ip_allow_list`](#ip_allow_list-category-actions) | Contains activities related to enabling or disabling the IP allow list for an organization. -| [`ip_allow_list_entry`](#ip_allow_list_entry-category-actions) | Contains activities related to the creation, deletion, and editing of an IP allow list entry for an organization.{% endif %} -| [`issue`](#issue-category-actions) | Contains activities related to deleting an issue. {% ifversion fpt or ghec %} -| [`marketplace_agreement_signature`](#marketplace_agreement_signature-category-actions) | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. -| [`marketplace_listing`](#marketplace_listing-category-actions) | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %}{% ifversion fpt or ghes or ghec %} -| [`members_can_create_pages`](#members_can_create_pages-category-actions) | Contains all activities related to managing the publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)." | {% endif %} -| [`org`](#org-category-actions) | Contains activities related to organization membership.{% ifversion ghec %} -| [`org_credential_authorization`](#org_credential_authorization-category-actions) | Contains all activities related to authorizing credentials for use with SAML single sign-on.{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} -| [`org_secret_scanning_custom_pattern`](#org_secret_scanning_custom_pattern-category-actions) | Contains organization-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." {% endif %} -| [`organization_default_label`](#organization_default_label-category-actions) | Contains all activities related to default labels for repositories in your organization. -| [`oauth_application`](#oauth_application-category-actions) | Contains all activities related to OAuth Apps. -| [`packages`](#packages-category-actions) | Contains all activities related to {% data variables.product.prodname_registry %}.{% ifversion fpt or ghec %} -| [`payment_method`](#payment_method-category-actions) | Contains all activities related to how your organization pays for GitHub.{% endif %}{% ifversion pat-v2%} -| [`personal_access_token`](#personal_access_token-category-actions) | Contains activities related to {% data variables.product.pat_v2 %}s in your organization. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% endif %} -| [`profile_picture`](#profile_picture-category-actions) | Contains all activities related to your organization's profile picture. -| [`project`](#project-category-actions) | Contains all activities related to project boards. -| [`protected_branch`](#protected_branch-category-actions) | Contains all activities related to protected branches. -| [`repo`](#repo-category-actions) | Contains activities related to the repositories owned by your organization.{% ifversion fpt or ghec %} -| [`repository_advisory`](#repository_advisory-category-actions) | Contains repository-level activities related to security advisories in the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories)." -| [`repository_content_analysis`](#repository_content_analysis-category-actions) | Contains all activities related to [enabling or disabling data use for a private repository](/get-started/privacy-on-github/about-githubs-use-of-your-data).{% endif %}{% ifversion fpt or ghec %} -| [`repository_dependency_graph`](#repository_dependency_graph-category-actions) | Contains repository-level activities related to enabling or disabling the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."{% endif %}{% ifversion ghes or ghae or ghec %} -| [`repository_secret_scanning`](#repository_secret_scanning-category-actions) | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." {% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} -| [`repository_secret_scanning_custom_pattern`](#repository_secret_scanning_custom_pattern-category-actions) | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." {% endif %}{% ifversion secret-scanning-custom-pattern-push-protection-audit %} -| [`repository_secret_scanning_custom_pattern_push_protection`](#repository_secret_scanning_custom_pattern_push_protection-category-actions) | Contains repository-level activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} -| [`repository_secret_scanning_push_protection`](#repository_secret_scanning_push_protection-category-actions) | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." {% endif %} -| [`repository_vulnerability_alert`](#repository_vulnerability_alert-category-actions) | Contains all activities related to [{% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).{% ifversion fpt or ghec %} -| [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot_alerts %}.{% endif %}{% ifversion custom-repository-roles %} -| [`role`](#role-category-actions) | Contains all activities related to [custom repository roles](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization).{% endif %}{% ifversion ghes or ghae or ghec %} -| [`secret_scanning`](#secret_scanning-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." -| [`secret_scanning_new_repos`](#secret_scanning_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} for new repositories created in the organization. {% endif %}{% ifversion fpt or ghec %} -| [`sponsors`](#sponsors-category-actions) | Contains all events related to sponsor buttons (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)"){% endif %} -| [`team`](#team-category-actions) | Contains all activities related to teams in your organization. -| [`team_discussions`](#team_discussions-category-actions) | Contains activities related to managing team discussions for an organization. -| [`workflows`](#workflows-category-actions) | Contains activities related to {% data variables.product.prodname_actions %} workflows. +| `account` | Contains all activities related to your organization account.{% endif %}{% ifversion fpt or ghec %} +| `advisory_credit` | Contains all activities related to crediting a contributor for a security advisory in the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories)."{% endif %}{% ifversion pat-v2%} +| `auto_approve_personal_access_token_requests` | Contains activities related to your organization's approval policy for {% data variables.product.pat_v2 %}s. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)."{% endif %}{% ifversion fpt or ghec %} +| `billing` | Contains all activities related to your organization's billing.{% endif %}{% ifversion fpt or ghec %} +| `business` | Contains activities related to business settings for an enterprise. |{% endif %}{% ifversion fpt or ghec %} +| `codespaces` | Contains all activities related to your organization's codespaces. |{% endif %} +| `dependabot_alerts` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." +| `dependabot_alerts_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization.{% ifversion fpt or ghec or ghes %} +| `dependabot_security_updates` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." +| `dependabot_security_updates_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization.{% endif %}{% ifversion fpt or ghec %} +| `dependency_graph` | Contains organization-level configuration activities for dependency graphs for repositories. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." +| `dependency_graph_new_repos` | Contains organization-level configuration activities for new repositories created in the organization.{% endif %} +| `discussion_post` | Contains all activities related to discussions posted to a team page. +| `discussion_post_reply` | Contains all activities related to replies to discussions posted to a team page.{% ifversion fpt or ghes or ghec %} +| `enterprise` | Contains activities related to enterprise settings. |{% endif %} +| `hook` | Contains all activities related to webhooks. +| `integration_installation` | Contains activities related to integrations installed in an account. | +| `integration_installation_request` | Contains all activities related to organization member requests for owners to approve integrations for use in the organization. |{% ifversion ghec or ghae %} +| `ip_allow_list` | Contains activities related to enabling or disabling the IP allow list for an organization. +| `ip_allow_list_entry` | Contains activities related to the creation, deletion, and editing of an IP allow list entry for an organization.{% endif %} +| `issue` | Contains activities related to deleting an issue. {% ifversion fpt or ghec %} +| `marketplace_agreement_signature` | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. +| `marketplace_listing` | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %}{% ifversion fpt or ghes or ghec %} +| `members_can_create_pages` | Contains all activities related to managing the publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)." | {% endif %} +| `org` | Contains activities related to organization membership.{% ifversion ghec %} +| `org_credential_authorization` | Contains all activities related to authorizing credentials for use with SAML single sign-on.{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} +| `org_secret_scanning_custom_pattern` | Contains organization-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." {% endif %} +| `organization_default_label` | Contains all activities related to default labels for repositories in your organization. +| `oauth_application` | Contains all activities related to OAuth Apps. +| `packages` | Contains all activities related to {% data variables.product.prodname_registry %}.{% ifversion fpt or ghec %} +| `payment_method` | Contains all activities related to how your organization pays for GitHub.{% endif %}{% ifversion pat-v2%} +| `personal_access_token` | Contains activities related to {% data variables.product.pat_v2 %}s in your organization. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% endif %} +| `profile_picture`| Contains all activities related to your organization's profile picture. +| `project` | Contains all activities related to project boards. +| `protected_branch` | Contains all activities related to protected branches. +| `repo` | Contains activities related to the repositories owned by your organization.{% ifversion fpt or ghec %} +| `repository_advisory` | Contains repository-level activities related to security advisories in the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories)." +| `repository_content_analysis` | Contains all activities related to [enabling or disabling data use for a private repository](/get-started/privacy-on-github/about-githubs-use-of-your-data).{% endif %}{% ifversion fpt or ghec %} +| `repository_dependency_graph` | Contains repository-level activities related to enabling or disabling the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."{% endif %}{% ifversion ghes or ghae or ghec %} +| `repository_secret_scanning` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." {% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} +| `repository_secret_scanning_custom_pattern` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." {% endif %}{% ifversion secret-scanning-custom-pattern-push-protection-audit %} +| `repository_secret_scanning_custom_pattern_push_protection`| Contains repository-level activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} +| `repository_secret_scanning_push_protection` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." {% endif %} +| `repository_vulnerability_alert` | Contains all activities related to [{% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).{% ifversion fpt or ghec %} +| `repository_vulnerability_alerts` | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot_alerts %}.{% endif %}{% ifversion custom-repository-roles %} +| `role` | Contains all activities related to [custom repository roles](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization).{% endif %}{% ifversion ghes or ghae or ghec %} +| `secret_scanning` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." +| `secret_scanning_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} for new repositories created in the organization. {% endif %}{% ifversion fpt or ghec %} +| `sponsors`| Contains all events related to sponsor buttons (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)"){% endif %} +| `team` | Contains all activities related to teams in your organization. +| `team_discussions` | Contains activities related to managing team discussions for an organization. +| `workflows` | Contains activities related to {% data variables.product.prodname_actions %} workflows. You can search for specific sets of actions using these terms. For example: @@ -185,723 +186,7 @@ For more information about the audit log REST API, see "[AUTOTITLE](/rest/orgs#g {% endif %} {% endif %} -## Audit log actions - -An overview of some of the most common actions that are recorded as events in the audit log. - -{% ifversion fpt or ghec %} -### `account` category actions - -| Action | Description -|------------------|------------------- -| `billing_plan_change` | Triggered when an organization's [billing cycle](/billing/managing-your-github-billing-settings/changing-the-duration-of-your-billing-cycle) changes. -| `plan_change` | Triggered when an organization's [subscription](/billing/managing-billing-for-your-github-account/about-billing-for-github-accounts) changes. -| `pending_plan_change` | Triggered when an organization owner or billing manager [cancels or downgrades a paid subscription](/billing/managing-billing-for-your-github-account/how-does-upgrading-or-downgrading-affect-the-billing-process). -| `pending_subscription_change` | Triggered when a [{% data variables.product.prodname_marketplace %} free trial starts or expires](/billing/managing-billing-for-github-marketplace-apps/about-billing-for-github-marketplace). -{% endif %} - -{% ifversion fpt or ghec %} -### `advisory_credit` category actions - -| Action | Description -|------------------|------------------- -| `accept` | Triggered when someone accepts credit for a security advisory. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/editing-a-repository-security-advisory)." -| `create` | Triggered when the administrator of a security advisory adds someone to the credit section. -| `decline` | Triggered when someone declines credit for a security advisory. -| `destroy` | Triggered when the administrator of a security advisory removes someone from the credit section. -{% endif %} - -{% ifversion pat-v2 %} - -### `auto_approve_personal_access_token_requests` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when the organization must approve {% data variables.product.pat_v2 %}s before the tokens can access organization resources. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)." -| `enable` | Triggered when {% data variables.product.pat_v2 %}s can access organization resources without prior approval. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)." - -{% endif %} - -{% ifversion fpt or ghec %} -### `billing` category actions - -| Action | Description -|------------------|------------------- -| `change_billing_type` | Triggered when your organization [changes how it pays for {% data variables.product.prodname_dotcom %}](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method). -| `change_email` | Triggered when your organization's [billing email address](/billing/managing-your-github-billing-settings/setting-your-billing-email) changes. -{% endif %} - -### `business` category actions - -| Action | Description -|------------------|-------------------{% ifversion fpt or ghec %} -| `set_actions_fork_pr_approvals_policy` | Triggered when the setting for requiring approvals for workflows from public forks is changed for an enterprise. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-your-enterprise)."{% endif %} -| `set_actions_retention_limit` | Triggered when the retention period for {% data variables.product.prodname_actions %} artifacts and logs is changed for an enterprise. For more information, see "[Enforcing policies for {% data variables.product.prodname_actions %} in your enterprise]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise)."{% ifversion fpt or ghes or ghec %} -| `set_fork_pr_workflows_policy` | Triggered when the policy for workflows on private repository forks is changed. For more information, see "{% ifversion fpt or ghec%}[Enforcing policies for {% data variables.product.prodname_actions %} in your enterprise]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-fork-pull-requests-in-private-repositories){% else ifversion ghes > 2.22 %}[Enabling workflows for private repository forks](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enabling-workflows-for-private-repository-forks){% endif %}."{% endif %} - -{% ifversion fpt or ghec %} -### `codespaces` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a user [creates a codespace](/codespaces/developing-in-codespaces/creating-a-codespace-for-a-repository). -| `resume` | Triggered when a user resumes a suspended codespace. -| `delete` | Triggered when a user [deletes a codespace](/codespaces/developing-in-codespaces/deleting-a-codespace). -| `create_an_org_secret` | Triggered when a user creates an organization-level [secret for {% data variables.product.prodname_github_codespaces %}](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces#about-encrypted-secrets-for-codespaces) -| `update_an_org_secret` | Triggered when a user updates an organization-level [secret for {% data variables.product.prodname_github_codespaces %}](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces#about-encrypted-secrets-for-codespaces). -| `remove_an_org_secret` | Triggered when a user removes an organization-level [secret for {% data variables.product.prodname_github_codespaces %}](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces#about-encrypted-secrets-for-codespaces). -| `manage_access_and_security` | Triggered when a user updates [which repositories a codespace can access](/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces). -{% endif %} - -### `dependabot_alerts` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_alerts %} for all existing {% ifversion fpt or ghec %}private {% endif %}repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." -| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_alerts %} for all existing {% ifversion fpt or ghec %}private {% endif %}repositories. - -### `dependabot_alerts_new_repos` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_alerts %} for all new {% ifversion fpt or ghec %}private {% endif %}repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." -| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_alerts %} for all new {% ifversion fpt or ghec %}private {% endif %}repositories. - -{% ifversion fpt or ghec or ghes %} -### `dependabot_security_updates` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_security_updates %} for all existing repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." -| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_security_updates %} for all existing repositories. - -### `dependabot_security_updates_new_repos` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_dependabot_security_updates %} for all new repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." -| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_dependabot_security_updates %} for all new repositories. -{% endif %} - -{% ifversion fpt or ghec %} -### `dependency_graph` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when an organization owner disables the dependency graph for all existing repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." -| `enable` | Triggered when an organization owner enables the dependency graph for all existing repositories. - -### `dependency_graph_new_repos` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when an organization owner disables the dependency graph for all new repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." -| `enable` | Triggered when an organization owner enables the dependency graph for all new repositories. -{% endif %} - -### `discussion_post` category actions - -| Action | Description -|------------------|------------------- -| `update` | Triggered when [a team discussion post is edited](/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment). -| `destroy` | Triggered when [a team discussion post is deleted](/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment). - -### `discussion_post_reply` category actions - -| Action | Description -|------------------|------------------- -| `update` | Triggered when [a reply to a team discussion post is edited](/communities/moderating-comments-and-conversations/managing-disruptive-comments#editing-a-comment). -| `destroy` | Triggered when [a reply to a team discussion post is deleted](/communities/moderating-comments-and-conversations/managing-disruptive-comments#deleting-a-comment). - -{% ifversion fpt or ghes or ghec %} -### `enterprise` category actions - -{% data reusables.actions.actions-audit-events-for-enterprise %} - -{% endif %} - -{% ifversion fpt or ghec %} -### `environment` category actions - -| Action | Description -|------------------|------------------- -| `create_actions_secret` | Triggered when a secret is created in an environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." -| `delete` | Triggered when an environment is deleted. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deleting-an-environment)." -| `remove_actions_secret` | Triggered when a secret is removed from an environment. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." -| `update_actions_secret` | Triggered when a secret in an environment is updated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)." -{% endif %} - -{% ifversion ghae %} -### `external_group` category actions - -{% data reusables.saml.external-group-audit-events %} - -{% endif %} - -{% ifversion ghae %} -### `external_identity` category actions - -{% data reusables.saml.external-identity-audit-events %} - -{% endif %} - -{% ifversion fpt or ghec %} -### `git` category actions - -{% note %} - -**Note:** To access Git events in the audit log, you must use the audit log REST API. The audit log REST API is available for users of {% data variables.product.prodname_ghe_cloud %} only. For more information, see "[AUTOTITLE](/rest/orgs#get-the-audit-log-for-an-organization)." - -{% endnote %} - -{% data reusables.audit_log.audit-log-git-events-retention %} - -| Action | Description -|---------|---------------------------- -| `clone` | Triggered when a repository is cloned. -| `fetch` | Triggered when changes are fetched from a repository. -| `push` | Triggered when changes are pushed to a repository. - -{% endif %} - -### `hook` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when [a new hook was added](/get-started/exploring-integrations/about-webhooks) to a repository owned by your organization. -| `config_changed` | Triggered when an existing hook has its configuration altered. -| `destroy` | Triggered when an existing hook was removed from a repository. -| `events_changed` | Triggered when the events on a hook have been altered. - -### `integration_installation` category actions - -| Action | Description -|--------|------------- -| `contact_email_changed` | A contact email for an integration was changed. -| `create` | An integration was installed. -| `destroy` | An integration was uninstalled. -| `repositories_added` | Repositories were added to an integration. -| `repositories_removed` | Repositories were removed from an integration. -{%- ifversion fpt or ghec %} -| `suspend` | An integration was suspended. -| `unsuspend` | An integration was unsuspended. -{%- endif %} -| `version_updated` | Permissions for an integration were updated. - -### `integration_installation_request` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when an organization member requests that an organization owner install an integration for use in the organization. -| `close` | Triggered when a request to install an integration for use in an organization is either approved or denied by an organization owner, or canceled by the organization member who opened the request. - -{% ifversion ghec or ghae %} -### `ip_allow_list` category actions - -| Action | Description -|------------------|------------------- -| `enable` | Triggered when an IP allow list was enabled for an organization. -| `disable` | Triggered when an IP allow list was disabled for an organization. -| `enable_for_installed_apps` | Triggered when an IP allow list was enabled for installed {% data variables.product.prodname_github_apps %}. -| `disable_for_installed_apps` | Triggered when an IP allow list was disabled for installed {% data variables.product.prodname_github_apps %}. - -### `ip_allow_list_entry` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when an IP address was added to an IP allow list. -| `update` | Triggered when an IP address or its description was changed. -| `destroy` | Triggered when an IP address was deleted from an IP allow list. -{% endif %} - -### `issue` category actions - -| Action | Description -|------------------|------------------- -| `destroy` | Triggered when an organization owner or someone with admin permissions in a repository deletes an issue from an organization-owned repository. - -{% ifversion fpt or ghec %} - -### `marketplace_agreement_signature` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when you sign the {% data variables.product.prodname_marketplace %} Developer Agreement. - -### `marketplace_listing` category actions - -| Action | Description -|------------------|------------------- -| `approve` | Triggered when your listing is approved for inclusion in {% data variables.product.prodname_marketplace %}. -| `create` | Triggered when you create a listing for your app in {% data variables.product.prodname_marketplace %}. -| `delist` | Triggered when your listing is removed from {% data variables.product.prodname_marketplace %}. -| `redraft` | Triggered when your listing is sent back to draft state. -| `reject` | Triggered when your listing is not accepted for inclusion in {% data variables.product.prodname_marketplace %}. - -{% endif %} - -{% ifversion fpt or ghes or ghec %} - -### `members_can_create_pages` category actions - -For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)." - -| Action | Description | -| :- | :- | -| `enable` | Triggered when an organization owner enables publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. | -| `disable` | Triggered when an organization owner disables publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. | - -{% endif %} - -### `oauth_application` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a new {% data variables.product.prodname_oauth_app %} is created. -| `destroy` | Triggered when an existing {% data variables.product.prodname_oauth_app %} is deleted. -| `reset_secret` | Triggered when an {% data variables.product.prodname_oauth_app %}'s client secret is reset. -| `revoke_tokens` | Triggered when an {% data variables.product.prodname_oauth_app %}'s user tokens are revoked. -| `transfer` | Triggered when an existing {% data variables.product.prodname_oauth_app %} is transferred to a new organization. - -### `org` category actions - -| Action | Description -|------------------|------------------- -| `add_member` | Triggered when a user joins an organization. -| `advanced_security_policy_selected_member_disabled` | Triggered when an enterprise owner prevents {% data variables.product.prodname_GH_advanced_security %} features from being enabled for repositories owned by the organization. {% data reusables.advanced-security.more-information-about-enforcement-policy %} -| `advanced_security_policy_selected_member_enabled` | Triggered when an enterprise owner allows {% data variables.product.prodname_GH_advanced_security %} features to be enabled for repositories owned by the organization. {% data reusables.advanced-security.more-information-about-enforcement-policy %}{% ifversion fpt or ghec %} -| `audit_log_export` | Triggered when an organization admin [creates an export of the organization audit log](#exporting-the-audit-log). If the export included a query, the log will list the query used and the number of audit log entries matching that query. -| `block_user` | Triggered when an organization owner [blocks a user from accessing the organization's repositories](/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization). -| `cancel_invitation` | Triggered when an organization invitation has been revoked. {% endif %}{% ifversion org-enable-code-scanning %} -| `codeql_disabled` | Triggered when an organization owner or person with admin access to the organization disables {% data variables.product.prodname_code_scanning %} for repositories that use the default setup for {% data variables.product.prodname_codeql %}. -| `codeql_enabled` | Triggered when an organization owner or person with admin access to the organization enables {% data variables.product.prodname_code_scanning %} for repositories that are eligible to use the default setup for {% data variables.product.prodname_codeql %}. {% endif %}{% ifversion fpt or ghes or ghec %} -| `create_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is created for an organization. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-an-organization)."{% endif %} {% ifversion fpt or ghec %} -| `disable_oauth_app_restrictions` | Triggered when an owner [disables {% data variables.product.prodname_oauth_app %} access restrictions](/organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization) for your organization.{% ifversion ghec %} -| `disable_saml` | Triggered when an organization admin disables SAML single sign-on for an organization.{% endif %}{% endif %}{% ifversion display-ip-org-audit-log %} -| `disable_source_ip_disclosure` | Triggered when an organization owner disables the display of IP addresses in the audit log for the organization. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization)." | {% endif %} -| `disable_member_team_creation_permission` | Triggered when an organization owner limits team creation to owners. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization)." |{% ifversion not ghae %} -| `disable_two_factor_requirement` | Triggered when an owner disables a two-factor authentication requirement for all members{% ifversion fpt or ghec %}, billing managers,{% endif %} and outside collaborators in an organization.{% endif %}{% ifversion fpt or ghec %} -| `enable_oauth_app_restrictions` | Triggered when an owner [enables {% data variables.product.prodname_oauth_app %} access restrictions](/organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization) for your organization.{% ifversion ghec %} -| `enable_saml` | Triggered when an organization admin [enables SAML single sign-on](/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization) for an organization.{% endif %}{% endif %} -| `enable_member_team_creation_permission` | Triggered when an organization owner allows members to create teams. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization)." |{% ifversion display-ip-org-audit-log %} -| `enable_source_ip_disclosure` | Triggered when an organization owner enables the display of IP addresses in the audit log for the organization. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization)." | {% endif %}{% ifversion not ghae %} -| `enable_two_factor_requirement` | Triggered when an owner requires two-factor authentication for all members{% ifversion fpt or ghec %}, billing managers,{% endif %} and outside collaborators in an organization.{% endif %}{% ifversion fpt or ghec %} -| `invite_member` | Triggered when [a new user was invited to join your organization](/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization). -| `oauth_app_access_approved` | Triggered when an owner [grants organization access to an {% data variables.product.prodname_oauth_app %}](/organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization). -| `oauth_app_access_denied` | Triggered when an owner [disables a previously approved {% data variables.product.prodname_oauth_app %}'s access](/organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization) to your organization. -| `oauth_app_access_requested` | Triggered when an organization member requests that an owner grant an {% data variables.product.prodname_oauth_app %} access to your organization.{% endif %} -{%- ifversion ghec %} -| `org.transfer` | Triggered when an organization is transferred between enterprise accounts. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#transferring-an-organization-between-enterprise-accounts)." -{%- endif %} -| `register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-organization)." -| `remove_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is removed.{% ifversion fpt or ghec %} -| `remove_billing_manager` | Triggered when an [owner removes a billing manager from an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization) or when [two-factor authentication is required in an organization](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) and a billing manager doesn't use 2FA or disables 2FA. |{% endif %} -| `remove_member` | Triggered when an [owner removes a member from an organization](/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization){% ifversion not ghae %} or when [two-factor authentication is required in an organization](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) and an organization member doesn't use 2FA or disables 2FA{% endif %}. Also triggered when an [organization member removes themselves](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization) from an organization.| -| `remove_outside_collaborator` | Triggered when an owner removes an outside collaborator from an organization{% ifversion not ghae %} or when [two-factor authentication is required in an organization](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) and an outside collaborator does not use 2FA or disables 2FA{% endif %}. | -| `remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-organization)." {% ifversion ghec %} -| `revoke_external_identity` | Triggered when an organization owner revokes a member's linked identity. For more information, see "[AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity)." -| `revoke_sso_session` | Triggered when an organization owner revokes a member's SAML session. For more information, see "[AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity)." {% endif %} -{%- ifversion required-workflows %} -| `required_workflow_create` | Triggered when a required workflow is created. For more information, see "[AUTOTITLE](/actions/using-workflows/required-workflows)." -| `required_workflow_update` | Triggered when a required workflow is updated. For more information, see "[AUTOTITLE](/actions/using-workflows/required-workflows)." -| `required_workflow_delete` | Triggered when a required workflow is deleted. For more information, see "[AUTOTITLE](/actions/using-workflows/required-workflows)." -{%- endif %} -| `runner_group_created` | Triggered when a self-hosted runner group is created. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization)." -| `runner_group_removed` | Triggered when a self-hosted runner group is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#removing-a-self-hosted-runner-group)." -| `runner_group_updated` | Triggered when the configuration of a self-hosted runner group is changed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)." -| `runner_group_runners_added` | Triggered when a self-hosted runner is added to a group. For more information, see [Moving a self-hosted runner to a group](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group). -| `runner_group_runner_removed` | Triggered when the REST API is used to remove a self-hosted runner from a group. For more information, see "[AUTOTITLE](/rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization)." -| `runner_group_runners_updated`| Triggered when a runner group's list of members is updated. For more information, see "[AUTOTITLE](/rest/actions#set-self-hosted-runners-in-a-group-for-an-organization)."{% ifversion secret-scanning-custom-pattern-push-protection-audit %} -| `secret_scanning_custom_pattern_push_protection_disabled`| Triggered when an organization owner or person with admin access disables push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)." -| `secret_scanning_custom_pattern_push_protection_enabled`| Triggered when an organization owner or person with admin access enables push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)."{% endif %} -{%- ifversion code-security-audit-log-events %} -| `secret_scanning_push_protection_custom_message_disabled` | Triggered when an organization owner or admin disables the custom message triggered by an attempted push to a push-protected repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)." -| `secret_scanning_push_protection_custom_message_enabled` | Triggered when an organization owner or admin enables the custom message triggered by an attempted push to a push-protected repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)." -| `secret_scanning_push_protection_custom_message_updated` | Triggered when an organization owner or admin updates the custom message triggered by an attempted push to a push-protected repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)." -{%- endif %} -{%- ifversion secret-scanning-audit-log-custom-patterns %} -| `secret_scanning_push_protection_disable ` | Triggered when an organization owner or person with admin access to the organization disables push protection for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." -| `secret_scanning_push_protection_enable ` | Triggered when an organization owner or person with admin access to the organization enables push protection for {% data variables.product.prodname_secret_scanning %}.{%- endif %} -| `self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." -| `self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)."{% ifversion fpt or ghes or ghec %} -| `self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)."{% endif %}{% ifversion fpt or ghec %} -| `set_actions_fork_pr_approvals_policy` | Triggered when the setting for requiring approvals for workflows from public forks is changed for an organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks)."{% endif %} -| `set_actions_retention_limit` | Triggered when the retention period for {% data variables.product.prodname_actions %} artifacts and logs is changed. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise)."{% ifversion fpt or ghes or ghec %} -| `set_fork_pr_workflows_policy` | Triggered when the policy for workflows on private repository forks is changed. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks)."{% endif %}{% ifversion fpt or ghec %} -| `unblock_user` | Triggered when an organization owner [unblocks a user from an organization](/communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization).{% endif %}{% ifversion fpt or ghes or ghec %} -| `update_actions_secret` |Triggered when a {% data variables.product.prodname_actions %} secret is updated.{% endif %} -| `update_new_repository_default_branch_setting` | Triggered when an owner changes the name of the default branch for new repositories in the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization)." -| `update_default_repository_permission` | Triggered when an owner changes the default repository permission level for organization members. -| `update_member` | Triggered when an owner changes a person's role from owner to member or member to owner. -| `update_member_repository_creation_permission` | Triggered when an owner changes the create repository permission for organization members.{% ifversion fpt or ghec %} -| `update_saml_provider_settings` | Triggered when an organization's SAML provider settings are updated. -| `update_terms_of_service` | Triggered when an organization changes between the Standard Terms of Service and the Corporate Terms of Service. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/upgrading-to-the-corporate-terms-of-service)."{% endif %} - -{% ifversion ghec %} -### `org_credential_authorization` category actions - -| Action | Description -|------------------|------------------- -| `grant` | Triggered when a member [authorizes credentials for use with SAML single sign-on](/authentication/authenticating-with-saml-single-sign-on). -| `deauthorized` | Triggered when a member [deauthorizes credentials for use with SAML single sign-on](/authentication/authenticating-with-saml-single-sign-on). -| `revoke` | Triggered when an owner [revokes authorized credentials](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization). - -{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} - -### `org_secret_scanning_custom_pattern` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a custom pattern is published for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization)." -| `update` | Triggered when changes to a custom pattern are saved for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern)." -| `delete` | Triggered when a custom pattern is removed from {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern)." - -{% endif %} - -### `organization_default_label` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a default label is created. -| `update` | Triggered when a default label is edited. -| `destroy` | Triggered when a default label is deleted. - -### `packages` category actions - -| Action | Description | -|--------|-------------| -| `package_version_published` | Triggered when a package version is published. | -| `package_version_deleted` | Triggered when a specific package version is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)." -| `package_deleted` | Triggered when an entire package is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)." -| `package_version_restored` | Triggered when a specific package version is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)." -| `package_restored` | Triggered when an entire package is restored. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)." - -{% ifversion fpt or ghec %} - -### `payment_method` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a new payment method is added, such as a new credit card or PayPal account. -| `update` | Triggered when an existing payment method is updated. - -{% endif %} - -{% ifversion pat-v2 %} - -### `personal_access_token` category actions - -| Action | Description -|------------------|------------------- -| `access_granted` | Triggered when a {% data variables.product.pat_v2 %} is granted access to organization resources. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization)." -| `access_revoked` | Triggered when access to organization resources by a {% data variables.product.pat_v2 %} is revoked. The token can still read public organization resources. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization)." -| `request_cancelled` | Triggered when a member of the organization cancels a request for their {% data variables.product.pat_v2 %} to access organization resources. -| `request_created` | Triggered when a member of the organization creates a {% data variables.product.pat_v2 %} to access organization resources and the organization requires approval before a {% data variables.product.pat_v2 %} can access organization resources. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization)." -| `request_denied` | Triggered when a request for a {% data variables.product.pat_v2 %} to access organization resources is denied. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization)." - -{% endif %} - -### `profile_picture` category actions -| Action | Description -|------------------|------------------- -| update | Triggered when you set or update your organization's profile picture. - -### `project` category actions - -| Action | Description -|--------------------|--------------------- -| `create` | Triggered when a project board is created. -| `link` | Triggered when a repository is linked to a project board. -| `rename` | Triggered when a project board is renamed. -| `update` | Triggered when a project board is updated. -| `delete` | Triggered when a project board is deleted. -| `unlink` | Triggered when a repository is unlinked from a project board. -| `update_org_permission` | Triggered when the base-level permission for all organization members is changed or removed. | -| `update_team_permission` | Triggered when a team's project board permission level is changed or when a team is added or removed from a project board. | -| `update_user_permission` | Triggered when an organization member or outside collaborator is added to or removed from a project board or has their permission level changed.| - -### `protected_branch` category actions - -| Action | Description -|--------------------|--------------------- -| `create ` | Triggered when branch protection is enabled on a branch. -| `destroy` | Triggered when branch protection is disabled on a branch. -| `update_admin_enforced ` | Triggered when branch protection is enforced for repository administrators. -| `update_require_code_owner_review ` | Triggered when enforcement of required Code Owner review is updated on a branch. -| `dismiss_stale_reviews ` | Triggered when enforcement of dismissing stale pull requests is updated on a branch. -| `update_signature_requirement_enforcement_level ` | Triggered when enforcement of required commit signing is updated on a branch. -| `update_pull_request_reviews_enforcement_level ` | Triggered when enforcement of required pull request reviews is updated on a branch. Can be one of `0`(deactivated), `1`(non-admins), `2`(everyone). -| `update_required_status_checks_enforcement_level ` | Triggered when enforcement of required status checks is updated on a branch. -| `update_strict_required_status_checks_policy` | Triggered when the requirement for a branch to be up to date before merging is changed. -| `rejected_ref_update ` | Triggered when a branch update attempt is rejected. -| `policy_override ` | Triggered when a branch protection requirement is overridden by a repository administrator. -| `update_allow_force_pushes_enforcement_level ` | Triggered when force pushes are enabled or disabled for a protected branch. -| `update_allow_deletions_enforcement_level ` | Triggered when branch deletion is enabled or disabled for a protected branch. -| `update_linear_history_requirement_enforcement_level ` | Triggered when required linear commit history is enabled or disabled for a protected branch. - -### `pull_request` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a pull request is created. -| `close` | Triggered when a pull request is closed without being merged. -| `reopen` | Triggered when a pull request is reopened after previously being closed. -| `merge` | Triggered when a pull request is merged. -| `indirect_merge` | Triggered when a pull request is considered merged because its commits were merged into the target branch. -| `ready_for_review` | Triggered when a pull request is marked as ready for review. -| `converted_to_draft` | Triggered when a pull request is converted to a draft. -| `create_review_request` | Triggered when a review is requested. -| `remove_review_request` | Triggered when a review request is removed. - -### `pull_request_review` category actions - -| Action | Description -|------------------|------------------- -| `submit` | Triggered when a review is submitted. -| `dismiss` | Triggered when a review is dismissed. -| `delete` | Triggered when a review is deleted. - -### `pull_request_review_comment` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a review comment is added. -| `update` | Triggered when a review comment is changed. -| `delete` | Triggered when a review comment is deleted. - -### `repo` category actions - -| Action | Description -|------------------|------------------- -| `access` | Triggered when a user [changes the visibility](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility) of a repository in the organization. -| `actions_enabled` | Triggered when {% data variables.product.prodname_actions %} is enabled for a repository. Can be viewed using the UI. This event is not included when you access the audit log using the REST API. For more information, see "[Using the audit log API](#using-the-audit-log-api)." -| `add_member` | Triggered when a user accepts an [invitation to have collaboration access to a repository](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository). -| `add_topic` | Triggered when a repository admin [adds a topic](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics) to a repository. -| `advanced_security_disabled` | Triggered when a repository administrator disables {% data variables.product.prodname_GH_advanced_security %} features for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." -| `advanced_security_enabled` | Triggered when a repository administrator enables {% data variables.product.prodname_GH_advanced_security %} features for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository).". -| `archived` | Triggered when a repository admin [archives a repository](/repositories/archiving-a-github-repository/archiving-repositories). -{%- ifversion remove-code-scanning-configurations %} -| `code_scanning_configuration_for_branch_deleted` | Triggered when a {% data variables.product.prodname_code_scanning %} configuration for a branch of a repository is deleted. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch)." -{%- endif %} -{%- ifversion ghes %} -| `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/enabling-anonymous-git-read-access-for-a-repository) in a public repository. -| `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/enabling-anonymous-git-read-access-for-a-repository) in a public repository. -| `config.lock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is locked](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise). -| `config.unlock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is unlocked](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise).{% endif %} -| `create` | Triggered when [a new repository is created](/repositories/creating-and-managing-repositories/creating-a-new-repository).{% ifversion fpt or ghes or ghec %} -| `create_actions_secret` |Triggered when a {% data variables.product.prodname_actions %} secret is created for a repository. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository)."{% endif %} -| `destroy` | Triggered when [a repository is deleted](/repositories/creating-and-managing-repositories/deleting-a-repository).{% ifversion fpt or ghec %} -| `disable` | Triggered when a repository is disabled (e.g., for [insufficient funds](/billing/managing-your-github-billing-settings/unlocking-a-locked-account)).{% endif %} -| `download_zip` | A source code archive of a repository was downloaded as a ZIP file. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/downloading-source-code-archives)." -| `enable` | Triggered when a repository is re-enabled.{% ifversion fpt or ghes or ghec %} -| `remove_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is removed.{% endif %} -| `remove_member` | Triggered when a user is [removed from a repository as a collaborator](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository). -| `register_self_hosted_runner` | Triggered when a new self-hosted runner is registered. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository)." -| `remove_self_hosted_runner` | Triggered when a self-hosted runner is removed. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-a-repository)." -| `remove_topic` | Triggered when a repository admin removes a topic from a repository. -| `rename` | Triggered when [a repository is renamed](/repositories/creating-and-managing-repositories/renaming-a-repository). -| `self_hosted_runner_online` | Triggered when the runner application is started. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." -| `self_hosted_runner_offline` | Triggered when the runner application is stopped. Can only be viewed using the REST API; not visible in the UI or JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)."{% ifversion fpt or ghes or ghec %} -| `self_hosted_runner_updated` | Triggered when the runner application is updated. Can be viewed using the REST API and the UI; not visible in the JSON/CSV export. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners)."{% endif %}{% ifversion fpt or ghec %} -| `set_actions_fork_pr_approvals_policy` | Triggered when the setting for requiring approvals for workflows from public forks is changed. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks)."{% endif %} -| `set_actions_retention_limit` | Triggered when the retention period for {% data variables.product.prodname_actions %} artifacts and logs is changed. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository)."{% ifversion fpt or ghes or ghec %} -| `set_fork_pr_workflows_policy` | Triggered when the policy for workflows on private repository forks is changed. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks)."{% endif %} -| `staff_unlock` | Triggered when an enterprise owner or {% data variables.contact.github_support %} (with permission from a repository administrator) temporarily unlocked the repository. The visibility of the repository isn't changed. -| `transfer` | Triggered when [a repository is transferred](/repositories/creating-and-managing-repositories/transferring-a-repository). -| `transfer_start` | Triggered when a repository transfer is about to occur. -| `unarchived` | Triggered when a repository admin unarchives a repository.{% ifversion fpt or ghes or ghec %} -| `update_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is updated.{% endif %} - -{% ifversion fpt or ghec %} - -### `repository_advisory` category actions - -| Action | Description -|------------------|------------------- -| `close` | Triggered when someone closes a security advisory. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories)." -| `cve_request` | Triggered when someone requests a CVE (Common Vulnerabilities and Exposures) number from {% data variables.product.prodname_dotcom %} for a draft security advisory. -| `github_broadcast` | Triggered when {% data variables.product.prodname_dotcom %} makes a security advisory public in the {% data variables.product.prodname_advisory_database %}. -| `github_withdraw` | Triggered when {% data variables.product.prodname_dotcom %} withdraws a security advisory that was published in error. -| `open` | Triggered when someone opens a draft security advisory. -| `publish` | Triggered when someone publishes a security advisory. -| `reopen` | Triggered when someone reopens as draft security advisory. -| `update` | Triggered when someone edits a draft or published security advisory. - -### `repository_content_analysis` category actions - -| Action | Description -|------------------|------------------- -| `enable` | Triggered when an organization owner or person with admin access to the repository [enables data use settings for a private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository). -| `disable` | Triggered when an organization owner or person with admin access to the repository [disables data use settings for a private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository). - -{% endif %}{% ifversion fpt or ghec %} - -### `repository_dependency_graph` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when a repository owner or person with admin access to the repository disables the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." -| `enable` | Triggered when a repository owner or person with admin access to the repository enables the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. - -{% endif %} - -### `repository_invitation` category actions - -| Action | Description -|--------|------------- -| `repository_invitation.accept` | An invitation to join a repository was accepted. -| `repository_invitation.cancel` | An invitation to join a repository was canceled. -| `repository_invitation.create` | An invitation to join a repository was sent. -| `repository_invitation.reject` | An invitation to join a repository was declined. - -{% ifversion ghec or ghes or ghae %} -### `repository_secret_scanning` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when a repository owner or person with admin access to the repository disables {% data variables.product.prodname_secret_scanning %} for a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." -| `enable` | Triggered when a repository owner or person with admin access to the repository enables {% data variables.product.prodname_secret_scanning %} for a repository. - -{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} - -### `repository_secret_scanning_custom_pattern` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when a custom pattern is published for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)." -| `update` | Triggered when changes to a custom pattern are saved for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern)." -| `delete` | Triggered when a custom pattern is removed from {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#removing-a-custom-pattern)." - -{% endif %}{% ifversion secret-scanning-custom-pattern-push-protection-audit %} - -### `repository_secret_scanning_custom_pattern_push_protection` category actions - -| Action | Description -|------------------|------------------- -| `enable` | Triggered when a repository owner or person with admin access to a repository enables push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)." -| `disable` | Triggered when a repository owner or person with admin access to a repository disables push protection for a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)." - -{% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %} - -### `repository_secret_scanning_push_protection` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when a repository owner or person with admin access to the repository disables {% data variables.product.prodname_secret_scanning %} for a repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." -| `enable` | Triggered when a repository owner or person with admin access to the repository enables {% data variables.product.prodname_secret_scanning %} for a repository. - -{% endif %} -### `repository_vulnerability_alert` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." -| `dismiss` | Triggered when an organization owner or person with admin{% ifversion dependabot-alerts-permissions-write-maintain %}, write, or maintain{% endif %} access to the repository dismisses a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency. -| `resolve` | Triggered when someone with write {% ifversion dependabot-alerts-permissions-write-maintain %}or maintain{% endif %} access to a repository pushes changes to update and resolve a vulnerability in a project dependency. -{% ifversion fpt or ghec %} -### `repository_vulnerability_alerts` category actions - -| Action | Description -|------------------|------------------- -| `authorized_users_teams` | Triggered when an organization owner or a person with admin permissions to the repository updates the list of people or teams authorized to receive {% data variables.product.prodname_dependabot_alerts %} for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)." -| `disable` | Triggered when a repository owner or person with admin access to the repository disables {% data variables.product.prodname_dependabot_alerts %}. -| `enable` | Triggered when a repository owner or person with admin access to the repository enables {% data variables.product.prodname_dependabot_alerts %}. - -{% endif %}{% ifversion custom-repository-roles %} -### `role` category actions -| Action | Description -|------------------|------------------- -|`create` | Triggered when an organization owner creates a new custom repository role. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)." -|`destroy` | Triggered when an organization owner deletes a custom repository role. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)." -|`update` | Triggered when an organization owner edits an existing custom repository role. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)." - -{% endif %} -{% ifversion ghec or ghes or ghae %} -### `secret_scanning` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_secret_scanning %} for all existing{% ifversion ghec %}, private or internal{% endif %} repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." -| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_secret_scanning %} for all existing{% ifversion ghec %}, private or internal{% endif %} repositories. -{% endif %} - -{% ifversion secret-scanning-alert-audit-log %} -### `secret_scanning_alert` category actions - -| Action | Description -|------------------|------------------- -| `create` | Triggered when {% data variables.product.prodname_dotcom %} detects an exposed secret and creates a {% data variables.product.prodname_secret_scanning %} alert. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)." -| `reopen` | Triggered when a user reopens a {% data variables.product.prodname_secret_scanning %} alert. -| `resolve` | Triggered when a user resolves a {% data variables.product.prodname_secret_scanning %} alert. -{% endif %} - -{% ifversion ghec or ghes or ghae %} -### `secret_scanning_new_repos` category actions - -| Action | Description -|------------------|------------------- -| `disable` | Triggered when an organization owner disables {% data variables.product.prodname_secret_scanning %} for all new {% ifversion ghec %}private or internal {% endif %}repositories. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." -| `enable` | Triggered when an organization owner enables {% data variables.product.prodname_secret_scanning %} for all new {% ifversion ghec %}private or internal {% endif %}repositories. -{% endif %} - -{% ifversion secret-scanning-push-protection-bypasses %} -### `secret_scanning_push_protection` category actions - -| Action | Description -|------------------|------------------- -| `bypass` | Triggered when a user bypasses the push protection on a secret detected by {% data variables.product.prodname_secret_scanning %}. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret)." -{% endif %} - -{% ifversion fpt or ghec %} -### `sponsors` category actions - -| Action | Description -|------------------|------------------- -| `custom_amount_settings_change` | Triggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)") -| `repo_funding_links_file_action` | Triggered when you change the FUNDING file in your repository (see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)") -| `sponsor_sponsorship_cancel` | Triggered when you cancel a sponsorship (see "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship)") -| `sponsor_sponsorship_create` | Triggered when you sponsor an account (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)") -| `sponsor_sponsorship_payment_complete` | Triggered after you sponsor an account and your payment has been processed (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)") -| `sponsor_sponsorship_preference_change` | Triggered when you change whether you receive email updates from a sponsored account (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship)") -| `sponsor_sponsorship_tier_change` | Triggered when you upgrade or downgrade your sponsorship (see "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/upgrading-a-sponsorship)" and "[AUTOTITLE](/billing/managing-billing-for-github-sponsors/downgrading-a-sponsorship)") -| `sponsored_developer_approve` | Triggered when your {% data variables.product.prodname_sponsors %} account is approved (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") -| `sponsored_developer_create` | Triggered when your {% data variables.product.prodname_sponsors %} account is created (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") -| `sponsored_developer_disable` | Triggered when your {% data variables.product.prodname_sponsors %} account is disabled -| `sponsored_developer_redraft` | Triggered when your {% data variables.product.prodname_sponsors %} account is returned to draft state from approved state -| `sponsored_developer_profile_update` | Triggered when you edit your sponsored organization profile (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors)") -| `sponsored_developer_request_approval` | Triggered when you submit your application for {% data variables.product.prodname_sponsors %} for approval (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") -| `sponsored_developer_tier_description_update` | Triggered when you change the description for a sponsorship tier (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)") -| `sponsored_developer_update_newsletter_send` | Triggered when you send an email update to your sponsors (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors)") -| `waitlist_invite_sponsored_developer` | Triggered when you are invited to join {% data variables.product.prodname_sponsors %} from the waitlist (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") -| `waitlist_join` | Triggered when you join the waitlist to become a sponsored organization (see "[AUTOTITLE](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)") -{% endif %} - -### `team` category actions - -| Action | Description -|------------------|------------------- -| `add_member` | Triggered when a member of an organization is [added to a team](/organizations/organizing-members-into-teams/adding-organization-members-to-a-team). -| `add_repository` | Triggered when a team is given control of a repository. -| `change_parent_team` | Triggered when a child team is created or [a child team's parent is changed](/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy). -| `change_privacy` | Triggered when a team's privacy level is changed. -| `create` | Triggered when a new team is created. -| `demote_maintainer` | Triggered when a user was demoted from a team maintainer to a team member. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)." -| `destroy` | Triggered when a team is deleted from the organization. -| `team.promote_maintainer` | Triggered when a user was promoted from a team member to a team maintainer. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)." -| `remove_member` | Triggered when a member of an organization is [removed from a team](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team). -| `remove_repository` | Triggered when a repository is no longer under a team's control. - -### `team_discussions` category actions - -| Action | Description -|---|---| -| `disable` | Triggered when an organization owner disables team discussions for an organization. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/disabling-team-discussions-for-your-organization)." -| `enable` | Triggered when an organization owner enables team discussions for an organization. - -### `workflows` category actions - -{% data reusables.actions.actions-audit-events-workflow %} -## Further reading +# Further reading - "[AUTOTITLE](/organizations/keeping-your-organization-secure)" {%- ifversion fpt or ghec %}