Cette version de GitHub Enterprise Server ne sera plus disponible le 2026-03-17. Aucune publication de correctifs n’est effectuée, même pour les problèmes de sécurité critiques. Pour de meilleures performances, une sécurité améliorée et de nouvelles fonctionnalités, effectuez une mise à niveau vers la dernière version de GitHub Enterprise. Pour obtenir de l’aide sur la mise à niveau, contactez le support GitHub Enterprise.

Événements du journal d’audit pour votre organisation

Découvrez les événements de journal d’audit enregistrés pour votre organisation.

Dans cet article

Remarque

Cet article contient les événements disponibles dans la dernière version de GitHub Enterprise Server. Certains des événements peuvent ne pas être disponibles dans les versions précédentes.
Cet article contient les événements qui peuvent apparaître dans le journal d’audit de votre organisation. Pour les événements qui peuvent apparaître dans le journal de sécurité d'un compte d'utilisateur ou dans le journal d'audit d'une entreprise, consultez Événements du journal de sécurité et Événements du journal d’audit pour votre entreprise.
Les webhooks peuvent être une bonne alternative au journal d’audit ou à l’interrogation d’API pour certains cas d'utilisation. Les webhooks sont un moyen pour GitHub de notifier votre serveur lorsque des événements spécifiques se produisent pour un référentiel, une organisation ou une entreprise. Par rapport à l’API ou à la recherche dans le journal d’audit, les webhooks peuvent être plus efficaces si vous souhaitez simplement apprendre et éventuellement journaliser quand certains événements se produisent sur votre entreprise, organisation ou référentiel. Consultez Documentation sur les webhooks.

A propos des événements du journal d’audit pour votre organisation

Le nom de chaque entrée dans le journal d’audit est composé du qualificateur d’objet ou de catégorie, suivi d’un type d’opération. Par exemple, l’entrée repo.create fait référence à l’opération create sur la catégorie repo. Les informations de référence de cet article sont regroupées par catégories.

Audit log events

account

account.plan_change: The account's plan changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: How GitHub billing works

actions_cache

actions_cache.delete: A GitHub Actions cache was deleted using the REST API.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, actions_cache_id, actions_cache_key, actions_cache_version, actions_cache_scope, created_at, operation_type

advisory_credit

advisory_credit.accept: Credit was accepted for a security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, ghsa_id, recipient, operation_type, created_at
Référence: Editing a repository security advisory

advisory_credit.create: Someone was added to the credit section of a security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, ghsa_id, recipient, operation_type, created_at

advisory_credit.decline: Credit was declined for a security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, ghsa_id, recipient, operation_type, created_at, public_repo

advisory_credit.destroy: Someone was removed from the credit section of a security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, ghsa_id, recipient, operation_type, created_at, public_repo

artifact

artifact.destroy: A workflow run artifact was manually deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

auto_approve_personal_access_token_requests

auto_approve_personal_access_token_requests.disable: Triggered when the organization must approve fine-grained personal access tokens before the tokens can access organization resources. See also: personal_access_token.auto_approve_grant_requests_disabled
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization

auto_approve_personal_access_token_requests.enable: Triggered when fine-grained personal access tokens can access organization resources without prior approval. See also: personal_access_token.auto_approve_grant_requests_enabled
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization

billing

billing.change_billing_type: The way the account pays for GitHub was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Managing your payment and billing information

billing.change_email: The billing email address changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, email
Référence: Managing your payment and billing information

checks

checks.auto_trigger_disabled: Automatic creation of check suites was disabled on a repository in the organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, created_at, operation_type
Référence: /rest/checks#update-repository-preferences-for-check-suites

checks.auto_trigger_enabled: Automatic creation of check suites was enabled on a repository in the organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, public_repo
Référence: /rest/checks#update-repository-preferences-for-check-suites

checks.delete_logs: Logs in a check suite were deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

codespaces

codespaces.allow_permissions: A codespace using custom permissions from its devcontainer.json file was launched.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, origin_repository, created_at, operation_type

codespaces.attempted_to_create_from_prebuild: An attempt to create a codespace from a prebuild was made.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, owner, pull_request_id, created_at, operation_type, public_repo

codespaces.business_enablement_updated: Enterprise setting for Codespaces ownership was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, enablement, organization_names, created_at, operation_type
Référence: /codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization

codespaces.connect: Credentials for a codespace were refreshed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at, public_repo, actor_is_bot, machine_type, devcontainer_path

codespaces.create: A codespace was created
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at, actor_is_bot, machine_type, devcontainer_path
Référence: Creating a codespace for a repository

codespaces.destroy: A user deleted a codespace.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, owner, name, operation_type, created_at
Référence: Deleting a codespace

codespaces.export_environment: A codespace was exported to a branch on GitHub.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, owner, created_at, operation_type, public_repo

codespaces.policy_group_created: Policies were applied to codespaces in an organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

codespaces.policy_group_deleted: Policies were removed from codespaces in an organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

codespaces.policy_group_updated: Policies were updated for codespaces in an organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

codespaces.restore: A codespace was restored.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, public_repo, created_at, operation_type

codespaces.start_environment: A codespace was started.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, owner, pull_request_id, machine_type, devcontainer_path, public_repo, created_at, operation_type

codespaces.suspend_environment: A codespace was stopped.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, operation_type, created_at, public_repo

codespaces.trusted_repositories_access_update: A personal account's access and security setting for Codespaces were updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Managing access to other repositories within your codespace

commit_comment

commit_comment.destroy: A commit comment was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

commit_comment.update: A commit comment was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot

copilot.access_revoked: Copilot access was revoked for the organization or enterprise due to its Copilot subscription ending, an issue with billing the entity, the entity being marked spammy, or the entity being suspended.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, reason, plan, owner, created_at, operation_type

copilot.cfb_org_settings_changed: Copilot feature settings were changed at the organization level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_added: A Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_created: A Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: What is GitHub Copilot?

copilot.cfb_seat_assignment_refreshed: A seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_reused: A Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_assignment_unassigned: A user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_cancelled: A user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, seat_assignment

copilot.cfb_seat_cancelled_by_staff: A user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

copilot.cfb_seat_management_changed: The seat management setting was changed at the organization level to either enable or disable Copilot access for all members of the organization, or to enable Copilot access for selected members or teams.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_value, new_value, created_at, operation_type, actor_is_bot

copilot.content_exclusion_changed: The excluded paths for GitHub Copilot were updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, excluded_paths, owner_type, created_at, operation_type

copilot.plan_changed: The plan for GitHub Copilot was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_plan, plan, created_at, operation_type, actor_is_bot
Référence: GitHub Copilot licenses

copilot.plan_downgrade_scheduled: The plan for GitHub Copilot was scheduled to be downgraded.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, created_at, operation_type, actor_is_bot, current_plan, scheduled_plan

custom_property_definition

custom_property_definition.create: A new custom property definition was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, property_name, created_at, operation_type, value_type, required, default_value, definition_id
Référence: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_definition.destroy: A custom property definition was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, property_name, created_at, operation_type, value_type, required, default_value, definition_id, allowed_values
Référence: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_definition.update: A custom property definition was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, property_name, created_at, operation_type, value_type, required, default_value, old_allowed_values, allowed_values, definition_id, old_required, old_default_value, old_value_type, old_values_editable_by, values_editable_by
Référence: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_value

custom_property_value.create: A repository's custom property value was manually set for the first time.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, definition_id, property_name, value, public_repo, created_at, operation_type, actor_is_bot
Référence: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_value.destroy: A repository's custom property value was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type
Référence: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

custom_property_value.update: A repository's custom property value was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, definition_id
Référence: /organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

dependabot_alerts

dependabot_alerts.disable: Dependabot alerts were disabled for all existing repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts.enable: Dependabot alerts were enabled for all existing repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

dependabot_alerts_new_repos

dependabot_alerts_new_repos.disable: Dependabot alerts were disabled for all new repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_alerts_new_repos.enable: Dependabot alerts were enabled for all new repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-automatically-when-new-repositories-are-added

dependabot_repository_access

dependabot_repository_access.repositories_updated: The repositories that Dependabot can access were updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

dependabot_security_updates

dependabot_security_updates.disable: Dependabot security updates were disabled for all existing repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependabot_security_updates.enable: Dependabot security updates were enabled for all existing repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

dependabot_security_updates_new_repos

dependabot_security_updates_new_repos.disable: Dependabot security updates were disabled for all new repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependabot_security_updates_new_repos.enable: Dependabot security updates were enabled for all new repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

dependency_graph

dependency_graph.disable: The dependency graph was disabled for all existing repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependency_graph.enable: The dependency graph was enabled for all existing repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

dependency_graph_new_repos

dependency_graph_new_repos.disable: The dependency graph was disabled for all new repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization

dependency_graph_new_repos.enable: The dependency graph was enabled for all new repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

enterprise_announcement

enterprise_announcement.create: A global announcement banner was created for the enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, message, created_at, operation_type
Référence: Customizing user messages for your enterprise

enterprise_announcement.destroy: A global announcement banner was removed from the enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, created_at, operation_type
Référence: Customizing user messages for your enterprise

enterprise_announcement.update: A global announcement banner was updated for the enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, message, old_message, created_at, operation_type
Référence: Customizing user messages for your enterprise

enterprise_installation

enterprise_installation.create: The GitHub App associated with a GitHub Connect connection was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enabling GitHub Connect for GitHub.com

enterprise_installation.destroy: The GitHub App associated with a GitHub Connect connection was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enabling GitHub Connect for GitHub.com

environment

environment.add_protection_rule: A GitHub Actions deployment protection rule was created via the API.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at
Référence: Managing environments for deployment

environment.create_actions_secret: A secret was created for a GitHub Actions environment.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, visibility, operation_type, created_at, public_repo
Référence: Managing environments for deployment

environment.create_actions_variable: A variable was created for a GitHub Actions environment.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, environment_name, public_repo, created_at, operation_type, actor_is_bot
Référence: Store information in variables

environment.delete: An environment was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at, public_repo, actor_is_bot
Référence: Managing environments for deployment

environment.remove_actions_secret: A secret was deleted for a GitHub Actions environment.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, operation_type, created_at, public_repo
Référence: Managing environments for deployment

environment.remove_actions_variable: A variable was deleted for a GitHub Actions environment.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, environment_name, public_repo, created_at, operation_type
Référence: Store information in variables

environment.remove_protection_rule: A GitHub Actions deployment protection rule was deleted via the API.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at, public_repo
Référence: Managing environments for deployment

environment.update_actions_secret: A secret was updated for a GitHub Actions environment.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, visibility, operation_type, created_at, public_repo
Référence: Managing environments for deployment

environment.update_actions_variable: A variable was updated for a GitHub Actions environment.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, environment_name, public_repo, created_at, operation_type
Référence: Store information in variables

environment.update_protection_rule: A GitHub Actions deployment protection rule was updated via the API.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, new_value, approvers_was, approvers, can_admins_bypass, prevent_self_review
Référence: Managing environments for deployment

git

Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.

git.clone: A repository was cloned. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, transport_protocol, repository_public, transport_protocol_name

git.fetch: Changes were fetched from a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, transport_protocol, repository_public, transport_protocol_name

git.push: Changes were pushed to a repository. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, transport_protocol, repository_public, transport_protocol_name

hook

hook.active_changed: A hook's active status was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, events, active, active_was, hook_id, operation_type

hook.config_changed: A hook's configuration was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, hook_id, created_at, oauth_application_id, events

hook.create: A new hook was added.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, hook_id, events, operation_type, name, created_at
Référence: About webhooks

hook.destroy: A hook was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, events, created_at, name, operation_type, oauth_application_id, hook_id

hook.events_changed: A hook's configured events were changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, events, operation_type, name, events_were, created_at, hook_id, oauth_application_id

integration

integration.create: A GitHub App was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, integration, created_at, application_client_id

integration.destroy: A GitHub App was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at

integration.manager_added: A member of an enterprise or organization was added as a GitHub App manager.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, manager, operation_type, integration
Référence: /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#giving-someone-the-ability-to-manage-all-github-apps-owned-by-the-organization

integration.manager_removed: A member of an enterprise or organization was removed from being a GitHub App manager.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, integration, name, created_at, manager
Référence: /organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization#removing-a-github-app-managers-permissions-for-the-entire-organization

integration.remove_client_secret: A client secret for a GitHub App was removed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at

integration.revoke_all_tokens: All user tokens for a GitHub App were requested to be revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at, application_client_id

integration.revoke_tokens: Token(s) for a GitHub App were revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, operation_type, created_at, application_client_id

integration.suspend: A GitHub App was suspended.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, created_at, operation_type, application_client_id
Référence: /apps/maintaining-github-apps/suspending-a-github-app-installation

integration.transfer: Ownership of a GitHub App was transferred to another user or organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, transfer_to_id, requester, requester_id, created_at, transfer_to, operation_type, integration, transfer_from, transfer_from_id, transfer_from_type, transfer_to_type
Référence: /apps/maintaining-github-apps/transferring-ownership-of-a-github-app

integration.unsuspend: A GitHub App was unsuspended.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, integration, created_at, operation_type, application_client_id
Référence: /apps/maintaining-github-apps/suspending-a-github-app-installation

integration_installation

integration_installation.create: A GitHub App was installed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, repository_selection, created_at, integration, application_client_id
Référence: /apps/using-github-apps/authorizing-github-apps

integration_installation.destroy: A GitHub App was uninstalled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, repository_selection, integration, operation_type, name, application_client_id
Référence: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.repositories_added: Repositories were added to a GitHub App.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, repository_selection, name, integration, operation_type, repositories_added, created_at, repositories_added_names, actor_is_bot, application_client_id
Référence: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access

integration_installation.repositories_removed: Repositories were removed from a GitHub App.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, repository_selection, repositories_removed, integration, created_at, name, repositories_removed_names, actor_is_bot, application_client_id
Référence: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#modifying-repository-access

integration_installation.suspend: A GitHub App was suspended.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, repository_selection, integration, operation_type, created_at, application_client_id
Référence: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.unsuspend: A GitHub App was unsuspended.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, repository_selection, integration, operation_type, created_at
Référence: /apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access

integration_installation.version_updated: Permissions for a GitHub App were updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, integration, name, operation_type, created_at, repository_selection, application_client_id
Référence: /apps/using-github-apps/approving-updated-permissions-for-a-github-app

integration_installation_request

integration_installation_request.close: A request to install a GitHub App was either approved or denied by an owner, or canceled by the member who opened the request.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, url, created_at, operation_type, integration, reason, application_client_id
Référence: /apps/using-github-apps/requesting-a-github-app-from-your-organization-owner

integration_installation_request.create: A member requested that an owner install a GitHub App.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, requester, created_at, url, operation_type, integration, application_client_id
Référence: /apps/using-github-apps/requesting-a-github-app-from-your-organization-owner

ip_allow_list

ip_allow_list.disable: An IP allow list was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

ip_allow_list.disable_for_installed_apps: An IP allow list was disabled for installed GitHub Apps.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

ip_allow_list.enable: An IP allow list was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

ip_allow_list.enable_for_installed_apps: An IP allow list was enabled for installed GitHub Apps.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

ip_allow_list_entry

ip_allow_list_entry.create: An IP address was added to an IP allow list.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, active, ip_allow_list_entry, operation_type, created_at

ip_allow_list_entry.destroy: An IP address was deleted from an IP allow list.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, ip_allow_list_entry, operation_type, created_at, active

ip_allow_list_entry.update: An IP address or its description was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, ip_allow_list_entry, active

issue_comment

issue_comment.destroy: A comment on an issue was deleted from the repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, oauth_application_id

issue_comment.pinned: A comment on an issue was pinned to a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, public_repo, created_at, operation_type, actor_is_bot

issue_comment.unpinned: A comment on an issue was unpinned from a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot

issue_comment.update: A comment on an issue (other than the initial one) changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, oauth_application_id

issue

issue.destroy: An issue was deleted from the repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, title, operation_type
Référence: Deleting an issue

issue.pinned: An issue was pinned to a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, owner_type, number, event
Référence: Pinning an issue to your repository

issue.transfer: An issue was transferred to another repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner_type, number, operation_type, created_at
Référence: Transferring an issue to another repository

issue.unpinned: An issue was unpinned from a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, event, created_at, operation_type, number, owner_type
Référence: Pinning an issue to your repository

issues

issues.deletes_disabled: The ability for enterprise members to delete issues was disabled Members cannot delete issues in any organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Enforcing repository management policies in your enterprise

issues.deletes_enabled: The ability for enterprise members to delete issues was enabled Members can delete issues in any organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enforcing repository management policies in your enterprise

issues.deletes_policy_cleared: An enterprise owner cleared the policy setting for allowing members to delete issues in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Enforcing repository management policies in your enterprise

marketplace_agreement_signature

marketplace_agreement_signature.create: The GitHub Marketplace Developer Agreement was signed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

marketplace_listing

marketplace_listing.approve: A listing was approved for inclusion in GitHub Marketplace.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, secondary_category, primary_category, operation_type, created_at, marketplace_listing, integration

marketplace_listing.change_category: A category for a listing for an app in GitHub Marketplace was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, marketplace_listing, integration, secondary_category, operation_type, created_at

marketplace_listing.create: A listing for an app in GitHub Marketplace was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, created_at, oauth_application, marketplace_listing, secondary_category, oauth_application_id, operation_type

marketplace_listing.delist: A listing was removed from GitHub Marketplace.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, secondary_category, operation_type, marketplace_listing, primary_category, integration

marketplace_listing.redraft: A listing was sent back to draft state.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, secondary_category, oauth_application_id, operation_type, oauth_application, created_at, marketplace_listing, primary_category

marketplace_listing.reject: A listing was not accepted for inclusion in GitHub Marketplace.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, primary_category, secondary_category, marketplace_listing, oauth_application, oauth_application_id, operation_type, created_at

members_can_create_pages

For more information, see "Managing the publication of GitHub Pages sites for your organization."

members_can_create_pages.disable: The ability for members to publish GitHub Pages sites was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_pages.enable: The ability for members to publish GitHub Pages sites was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_private_pages

members_can_create_private_pages.disable: The ability for members to publish private GitHub Pages was disabled Members cannot publish private GitHub Pages in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_private_pages.enable: The ability for members to publish private GitHub Pages was enabled Members can publish private GitHub Pages in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_public_pages

members_can_create_public_pages.disable: The ability for members to publish public GitHub Pages was disabled Members cannot publish public GitHub Pages in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_create_public_pages.enable: The ability for members to publish public GitHub Pages was enabled Members can publish public GitHub Pages in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization

members_can_delete_repos

members_can_delete_repos.clear: An enterprise owner cleared the policy setting for deleting or transferring repositories in any organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Enforcing repository management policies in your enterprise

members_can_delete_repos.disable: The ability for enterprise members to delete repositories was disabled Members cannot delete or transfer repositories in any organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Enforcing repository management policies in your enterprise

members_can_delete_repos.enable: The ability for enterprise members to delete repositories was enabled Members can delete or transfer repositories in any organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enforcing repository management policies in your enterprise

members_can_view_dependency_insights

members_can_view_dependency_insights.clear: An enterprise owner cleared the policy setting for viewing dependency insights in any organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

members_can_view_dependency_insights.disable: The ability for enterprise members to view dependency insights was disabled. Members cannot view dependency insights in any organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enforcing policies for code security and analysis for your enterprise

members_can_view_dependency_insights.enable: The ability for enterprise members to view dependency insights was enabled. Members can view dependency insights in any organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enforcing policies for code security and analysis for your enterprise

merge_queue

merge_queue.pull_request_dequeued: A pull request was removed from a merge queue.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type

merge_queue.pull_request_queue_jump: A pull request was moved ahead in a merge queue.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, public_repo, created_at, operation_type

merge_queue.queue_cleared: A merge queue was cleared.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type

merge_queue.update_settings: The settings for a merge queue were updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, max_entries_to_build, min_entries_to_merge, public_repo, created_at, operation_type

migration

migration.create: A migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot

migration.destroy_file: A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

migration.download: A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, created_at, actor_is_bot

network_configuration

network_configuration.create: A network configuration for a hosted compute service was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot, selected_service, network_settings_ids, previous_settings_ids, network_configuration_id, failover_network_settings_ids, failover_network_enabled
Référence: About networking for hosted compute products in your enterprise

network_configuration.delete: A network configuration for a hosted compute service was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot, network_configuration_id
Référence: About networking for hosted compute products in your enterprise

network_configuration.update: A network configuration for a hosted compute service was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot, selected_service, network_settings_ids, previous_settings_ids, failover_network_settings_ids, failover_network_enabled
Référence: About networking for hosted compute products in your enterprise

oauth_application

oauth_application.create: An OAuth application was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, oauth_application
Référence: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.destroy: An OAuth application was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, oauth_application
Référence: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.generate_client_secret: An OAuth application's secret key was generated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
Référence: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.remove_client_secret: An OAuth application's secret key was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
Référence: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.reset_secret: The secret key for an OAuth application was reset.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, operation_type, created_at, oauth_application_id
Référence: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.revoke_all_tokens: All user tokens for an OAuth application were requested to be revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application, oauth_application_id, operation_type, created_at
Référence: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.revoke_tokens: Token(s) for an OAuth application were revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, oauth_application, created_at, operation_type
Référence: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

oauth_application.transfer: An OAuth application was transferred from one account to another.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, oauth_application, oauth_application_id
Référence: /apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app#registering-your-app

org

org.accept_business_invitation: An invitation sent to an organization to join an enterprise was accepted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Adding organizations to your enterprise

org.add_billing_manager: A billing manager was added to an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization

org.add_member: A user joined an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, operation_type, created_at, actor_is_bot

org.add_outside_collaborator: An outside collaborator was added to a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, inviter, public_repo, permission, invitee, created_at, operation_type

org.advanced_security_disabled_for_new_repos: GitHub Advanced Security was disabled for new repositories in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_disabled_on_all_repos: GitHub Advanced Security was disabled for all repositories in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_enabled_for_new_repos: GitHub Advanced Security was enabled for new repositories in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_enabled_on_all_repos: GitHub Advanced Security was enabled for all repositories in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.advanced_security_policy_selected_member_disabled: An enterprise owner prevented GitHub Advanced Security features from being enabled for repositories owned by the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Enforcing policies for code security and analysis for your enterprise

org.advanced_security_policy_selected_member_enabled: An enterprise owner allowed GitHub Advanced Security features to be enabled for repositories owned by the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot
Référence: Enforcing policies for code security and analysis for your enterprise

org.allow_third_party_access_requests_from_outside_collaborators_disabled: Third-party application access for outside collaborators was disabled for the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Limiting OAuth app and GitHub App access requests and installations

org.allow_third_party_access_requests_from_outside_collaborators_enabled: Third-party application access for outside collaborators was enabled for the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations#enabling-or-disabling-app-access-requests

org.archive: The organization was archived.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.audit_log_export: An export of the organization audit log was created. If the export included a query, the log will list the query used and the number of audit log entries matching that query.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log

org.audit_log_git_event_export: An export of the organization's Git events was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, start, end, operation_type
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization

org.block_user: An organization owner blocked a user from accessing the organization's repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, blocked_user, operation_type
Référence: /communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization

org.cancel_business_invitation: An invitation for an organization to join an enterprise was revoked
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, initiated_from
Référence: Adding organizations to your enterprise

org.cancel_invitation: An invitation sent to a user to join an organization was revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, email, operation_type, invitation_id, created_at, invitee_email

org.code_scanning_autofix_disabled: Autofix for code scanning alerts was disabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot

org.code_scanning_autofix_enabled: Autofix for code scanning alerts was enabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot

org.codeql_disabled: Code scanning using the default setup was disabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Configuring default setup for code scanning at scale

org.codeql_enabled: Code scanning using the default setup was enabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Configuring default setup for code scanning at scale

org.codespaces_access_updated: Access to use Codespaces on internal and private repositories was updated for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, enablement, created_at, operation_type
Référence: /codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization

org.codespaces_ownership_updated: Ownership and payment for codespaces was updated for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner_type, created_at, operation_type
Référence: /codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization

org.codespaces_team_access_allowed: A team has been allowed to use Codespaces for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, team, created_at, operation_type

org.codespaces_team_access_revoked: A team has been prevented from using Codespaces for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, team, created_at, operation_type

org.codespaces_trusted_repo_access_granted: GitHub Codespaces was granted trusted repository access to all other repositories in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Managing access to other repositories within your codespace

org.codespaces_trusted_repo_access_revoked: GitHub Codespaces trusted repository access to all other repositories in an organization was revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Managing access to other repositories within your codespace

org.codespaces_user_access_allowed: A user has been allowed to use Codespaces for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.codespaces_user_access_revoked: A user has been prevented from using Codespaces for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.config.disable_collaborators_only: The interaction limit for collaborators only for an organization was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.disable_contributors_only: The interaction limit for prior contributors only for an organization was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.disable_sockpuppet_disallowed: The interaction limit for existing users only for an organization was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.enable_collaborators_only: The interaction limit for collaborators only for an organization was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.enable_contributors_only: The interaction limit for prior contributors only for an organization was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.config.enable_sockpuppet_disallowed: The interaction limit for existing users only for an organization was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization#limiting-interactions-in-your-organization

org.configure_self_hosted_jit_runner: A new just-in-time GitHub Actions self-hosted runner was configured
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization

org.confirm_business_invitation: An invitation for an organization to join an enterprise was confirmed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Adding organizations to your enterprise

org.connect_usage_metrics_export: Server statistics were exported for the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Exporting Server Statistics

org.create: An organization was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch

org.create_actions_secret: A GitHub Actions secret was created for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, operation_type, created_at
Référence: Using secrets in GitHub Actions

org.create_actions_variable: A GitHub Actions variable was created for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, created_at, operation_type
Référence: Store information in variables

org.create_integration_secret: A Codespaces or Dependabot secret was created for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, operation_type, created_at

org.delete: An organization was deleted by a user or staff.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.disable_member_team_creation_permission: Team creation was limited to owners.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization

org.disable_oauth_app_restrictions: Third-party application access restrictions for an organization were disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-oauth-access-to-your-organizations-data/disabling-oauth-app-access-restrictions-for-your-organization

org.disable_reader_discussion_creation_permission: An organization owner limited discussion creation to users with at least triage permission in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization

org.disable_saml: SAML single sign-on was disabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, sso_url, issuer, created_at, operation_type

org.disable_source_ip_disclosure: Display of IP addresses within audit log events for the organization was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization

org.disable_two_factor_requirement: A two-factor authentication requirement was disabled for the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.display_commenter_full_name_disabled: An organization owner disabled the display of a commenter's full name in an organization. Members cannot see a comment author's full name.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.display_commenter_full_name_enabled: An organization owner enabled the display of a commenter's full name in an organization. Members can see a comment author's full name.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.enable_member_team_creation_permission: Team creation by members was allowed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/setting-team-creation-permissions-in-your-organization

org.enable_oauth_app_restrictions: Third-party application access restrictions for an organization were enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-oauth-access-to-your-organizations-data/enabling-oauth-app-access-restrictions-for-your-organization

org.enable_reader_discussion_creation_permission: An organization owner allowed users with read access to create discussions in an organization
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-organization-settings/managing-discussion-creation-for-repositories-in-your-organization

org.enable_saml: SAML single sign-on was enabled for the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, sso_url, created_at, issuer
Référence: Enabling and testing SAML single sign-on for your organization

org.enable_source_ip_disclosure: Display of IP addresses within audit log events for the organization was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization

org.enable_two_factor_requirement: Two-factor authentication is now required for the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization

org.integration_manager_added: An organization owner granted a member access to manage all GitHub Apps owned by an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, manager, operation_type, created_at

org.integration_manager_removed: An organization owner removed access to manage all GitHub Apps owned by an organization from an organization member.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, manager, operation_type, created_at

org.invite_member: A new user was invited to join an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, invitation_id, operation_type, created_at, invitee_email
Référence: /organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization

org.invite_to_business: An organization was invited to join an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.members_can_update_protected_branches.disable: The ability for enterprise members to update protected branches was disabled. Only enterprise owners can update protected branches.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.members_can_update_protected_branches.enable: The ability for enterprise members to update protected branches was enabled. Members of an organization can update protected branches.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

org.oauth_app_access_approved: Access to an organization was granted for an OAuth App.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, url, operation_type, created_at, oauth_application_name
Référence: /organizations/managing-oauth-access-to-your-organizations-data/approving-oauth-apps-for-your-organization

org.oauth_app_access_denied: Access was disabled for an OAuth App that was previously approved.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, url, created_at, operation_type, oauth_application_name
Référence: /organizations/managing-oauth-access-to-your-organizations-data/denying-access-to-a-previously-approved-oauth-app-for-your-organization

org.oauth_app_access_requested: An organization member requested that an owner grant an OAuth App access to an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, url, oauth_application_name

org.recovery_code_failed: An organization owner failed to sign into a organization with an external identity provider (IdP) using a recovery code.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, reason, created_at, operation_type
Référence: Accessing your organization if your identity provider is unavailable

org.recovery_code_used: An organization owner successfully signed into an organization with an external identity provider (IdP) using a recovery code.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Accessing your organization if your identity provider is unavailable

org.recovery_codes_downloaded: An organization owner downloaded the organization's SSO recovery codes.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Downloading your organization's SAML single sign-on recovery codes

org.recovery_codes_generated: An organization owner generated the organization's SSO recovery codes.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Downloading your organization's SAML single sign-on recovery codes

org.recovery_codes_printed: An organization owner printed the organization's SSO recovery codes.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Downloading your organization's SAML single sign-on recovery codes

org.recovery_codes_viewed: An organization owner viewed the organization's SSO recovery codes.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Downloading your organization's SAML single sign-on recovery codes

org.register_self_hosted_runner: A new self-hosted runner was registered.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot
Référence: Adding self-hosted runners

org.remove_actions_secret: A GitHub Actions secret was removed from an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, operation_type, created_at
Référence: Using secrets in GitHub Actions

org.remove_actions_variable: A GitHub Actions variable was removed from an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, created_at, operation_type
Référence: Store information in variables

org.remove_billing_manager: A billing manager was removed from an organization, either manually or due to a two-factor authentication requirement.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-peoples-access-to-your-organization-with-roles/removing-a-billing-manager-from-your-organization, /organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization

org.remove_integration_secret: A Codespaces or Dependabot secret was removed from an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, integration, operation_type, created_at

org.remove_member: A member was removed from an organization, either manually or due to a two-factor authentication requirement.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.remove_outside_collaborator: An outside collaborator was removed from an organization, either manually or due to a two-factor authentication requirement.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.remove_self_hosted_runner: A self-hosted runner was removed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Removing self-hosted runners

org.rename: An organization was renamed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_login, operation_type, created_at

org.required_workflow_create: Triggered when a required workflow is created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /actions/using-workflows/required-workflows

org.required_workflow_delete: Triggered when a required workflow is deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /actions/using-workflows/required-workflows

org.required_workflow_update: Triggered when a required workflow is updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /actions/using-workflows/required-workflows

org.restore_member: An organization member was restored.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization

org.revoke_external_identity: A member's linked identity was revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Viewing and managing a member's SAML access to your organization

org.revoke_sso_session: A member's SAML session was revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Viewing and managing a member's SAML access to your organization

org.runner_group_created: A self-hosted runner group was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_group_id, operation_type, created_at, runner_group_restricted_to_workflows, runner_group_selected_workflow_refs, network_configuration_id
Référence: Managing access to self-hosted runners using groups

org.runner_group_removed: A self-hosted runner group was removed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_group_id, operation_type, created_at
Référence: Managing access to self-hosted runners using groups

org.runner_group_renamed: A self-hosted runner group was renamed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_group_id, operation_type, created_at
Référence: Managing access to self-hosted runners using groups

org.runner_group_runner_removed: The REST API was used to remove a self-hosted runner from a group.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, runner_group_id, runner_id, operation_type, created_at
Référence: /rest/actions#remove-a-self-hosted-runner-from-a-group-for-an-organization

org.runner_group_runners_added: A self-hosted runner was added to a group.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_group_id, operation_type, created_at
Référence: Managing access to self-hosted runners using groups

org.runner_group_runners_updated: A runner group's list of members was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, runner_group_id, operation_type, created_at
Référence: /rest/actions#set-self-hosted-runners-in-a-group-for-an-organization

org.runner_group_updated: The configuration of a self-hosted runner group was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_group_id, runner_group_name, runner_group_allow_public, operation_type, created_at, runner_group_restricted_to_workflows, runner_group_selected_workflow_refs, network_configuration_id
Référence: Managing access to self-hosted runners using groups

org.runner_group_visiblity_updated: The visibility of a self-hosted runner group was updated via the REST API.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_group_id, visibility, operation_type, created_at
Référence: /rest/actions#update-a-self-hosted-runner-group-for-an-organization

org.secret_scanning_custom_pattern_push_protection_disabled: Push protection for a custom pattern for secret scanning was disabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Defining custom patterns for secret scanning

org.secret_scanning_custom_pattern_push_protection_enabled: Push protection for a custom pattern for secret scanning was enabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Defining custom patterns for secret scanning

org.secret_scanning_push_protection_custom_message_disabled: The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About push protection

org.secret_scanning_push_protection_custom_message_enabled: The custom message triggered by an attempted push to a push-protected repository was enabled for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About push protection

org.secret_scanning_push_protection_custom_message_updated: The custom message triggered by an attempted push to a push-protected repository was updated for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About push protection

org.secret_scanning_push_protection_disable: Push protection for secret scanning was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About push protection

org.secret_scanning_push_protection_enable: Push protection for secret scanning was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About push protection

org.secret_scanning_push_protection_new_repos_disable: Push protection for secret scanning was disabled for all new repositories in the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About push protection

org.secret_scanning_push_protection_new_repos_enable: Push protection for secret scanning was enabled for all new repositories in the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About push protection

org.security_center_export_coverage: A CSV export was requested on the Coverage page.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

org.security_center_export_overview_dashboard: A CSV export was requested on the Overview Dashboard page.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, start_date, end_date, created_at, operation_type, actor_is_bot

org.security_center_export_risk: A CSV export was requested on the Risk page.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query, filename, requested_at, created_at, operation_type, actor_is_bot

org.self_hosted_runner_offline: The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_id, runner_name, operation_type, created_at
Référence: Monitoring and troubleshooting self-hosted runners

org.self_hosted_runner_online: The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_id, runner_name, operation_type, created_at
Référence: Monitoring and troubleshooting self-hosted runners

org.self_hosted_runner_updated: The runner application was updated. This event is not included in the JSON/CSV export.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_id, runner_name, source_version, target_version, runner_group_id, runner_group_name
Référence: Self-hosted runners

org.set_actions_fork_pr_approvals_policy: The setting for requiring approvals for workflows from public forks was changed for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, created_at, operation_type
Référence: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#requiring-approval-for-workflows-from-public-forks

org.set_actions_private_fork_pr_approvals_policy: The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, created_at, operation_type
Référence: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks

org.set_actions_retention_limit: The retention period for GitHub Actions artifacts and logs in an organization was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, limit, operation_type, created_at
Référence: /organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization

org.set_default_workflow_permissions: The default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization

org.set_fork_pr_workflows_policy: The policy for workflows on private repository forks was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, policy, operation_type, created_at
Référence: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks

org.set_workflow_permission_can_approve_pr: The policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-creating-or-approving-pull-requests

org.sso_response: A SAML single sign-on (SSO) response was generated when a member attempted to authenticate with your organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, issuer, operation_type, created_at, actor_is_bot

org.transfer: An organization was transferred between enterprise accounts.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, from_business, to_business, created_at, operation_type
Référence: Adding organizations to your enterprise

org.transfer_outgoing: An organization was transferred between enterprise accounts.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, from_business, to_business, created_at, operation_type
Référence: Adding organizations to your enterprise

org.unarchive: The organization was unarchived.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org.unblock_user: A user was unblocked from an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, blocked_user, operation_type, created_at
Référence: /communities/maintaining-your-safety-on-github/unblocking-a-user-from-your-organization

org.update_actions_secret: A GitHub Actions secret was updated for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, key, operation_type
Référence: Using secrets in GitHub Actions

org.update_actions_settings: An organization owner or site administrator updated GitHub Actions policy settings for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, new_policy, updated_allowed_types, old_policy, updated_access_policy
Référence: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization

org.update_actions_variable: A GitHub Actions variable was updated for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, created_at, operation_type
Référence: Store information in variables

org.update_default_repository_permission: The default repository permission level for organization members was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, permission, old_permission

org.update_integration_secret: A Codespaces or Dependabot secret was updated for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, operation_type, created_at

org.update_member: A person's role was changed from owner to member or member to owner.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, old_permission, permission, operation_type

org.update_member_repository_creation_permission: The create repository permission for organization members was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, created_at, visibility, operation_type

org.update_member_repository_invitation_permission: An organization owner changed the policy setting for organization members inviting outside collaborators to repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, permission, created_at, operation_type
Référence: Setting permissions for adding outside collaborators

org.update_new_repository_default_branch_setting: The name of the default branch was changed for new repositories in the organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization

org.update_repo_self_hosted_runners_policy: The repository self-hosted runners policy was updated
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_repo_runners_policy, new_repo_runners_policy, created_at, operation_type
Référence: /organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners

org.update_saml_provider_settings: An organization's SAML provider settings were updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, sso_url, operation_type, issuer, created_at

org.update_terms_of_service: An organization changed between the Standard Terms of Service and the GitHub Customer Agreement.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/upgrading-to-the-github-customer-agreement

org_credential_authorization

org_credential_authorization.deauthorize: A member removed the SSO (SAML or OIDC) authorization from a credential that had access to your organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot, oauth_credential_type, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
Référence: Authorizing a personal access token for use with single sign-on

org_credential_authorization.grant: A member authorized credentials for use with SAML or OIDC single sign-on.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot, oauth_credential_type, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
Référence: Authenticating with single sign-on

org_credential_authorization.revoke: An owner revoked authorized credentials.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, oauth_application_id, operation_type, created_at, oauth_credential_type, managed_oauth_access_id, managed_token_id, managed_oauth_scopes, managed_token_scopes, managed_hashed_token
Référence: Viewing and managing a member's SAML access to your organization

org_secret_scanning_automatic_validity_checks

org_secret_scanning_automatic_validity_checks.disabled: Automatic partner validation checks have been disabled at the organization level
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization

org_secret_scanning_automatic_validity_checks.enabled: Automatic partner validation checks have been enabled at the organization level
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
Référence: /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization

org_secret_scanning_custom_pattern

org_secret_scanning_custom_pattern.create: A custom pattern was created for secret scanning in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Defining custom patterns for secret scanning

org_secret_scanning_custom_pattern.delete: A custom pattern was removed from secret scanning in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Defining custom patterns for secret scanning

org_secret_scanning_custom_pattern.publish: A custom pattern was published for secret scanning in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Defining custom patterns for secret scanning

org_secret_scanning_custom_pattern.update: Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Defining custom patterns for secret scanning

org_secret_scanning_generic_secrets

org_secret_scanning_generic_secrets.disabled: Generic secrets have been disabled at the organization level
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org_secret_scanning_generic_secrets.enabled: Generic secrets have been enabled at the organization level
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

org_secret_scanning_non_provider_patterns

org_secret_scanning_non_provider_patterns.disabled: Secret scanning for non-provider patterns was disabled at the organization level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
Référence: Supported secret scanning patterns

org_secret_scanning_non_provider_patterns.enabled: Secret scanning for non-provider patterns was enabled at the organization level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
Référence: Supported secret scanning patterns

org_secret_scanning_push_protection_bypass_list

org_secret_scanning_push_protection_bypass_list.add: A role or team was added to the push protection bypass list at the organization level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
Référence: About push protection

org_secret_scanning_push_protection_bypass_list.disable: Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the organization level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
Référence: About push protection

org_secret_scanning_push_protection_bypass_list.enable: Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the organization level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
Référence: About push protection

org_secret_scanning_push_protection_bypass_list.remove: A role or team was removed from the push protection bypass list at the organization level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot
Référence: About push protection

organization_default_label

organization_default_label.create: A default label was created for repositories in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#creating-a-default-label

organization_default_label.destroy: A default label was deleted for repositories in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#deleting-a-default-label

organization_default_label.update: A default label was edited for repositories in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-organization-settings/managing-default-labels-for-repositories-in-your-organization#editing-a-default-label

organization_domain

organization_domain.approve: A domain was approved for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner_type, domain_name, owner, operation_type, created_at
Référence: /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#approving-a-domain-for-your-organization

organization_domain.create: A domain was added to an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, domain_name, operation_type
Référence: /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization

organization_domain.destroy: A domain was removed from an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, domain_name, operation_type, created_at
Référence: /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#removing-an-approved-or-verified-domain

organization_domain.verify: A domain was verified for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, domain_name, created_at
Référence: /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization#verifying-a-domain-for-your-organization

organization_projects_change

organization_projects_change.clear: An enterprise owner cleared the policy setting for organization-wide project boards in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enforcing policies for projects in your enterprise

organization_projects_change.disable: Organization projects were disabled for all organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enforcing policies for projects in your enterprise

organization_projects_change.enable: Organization projects were enabled for all organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enforcing policies for projects in your enterprise

organization_role

organization_role.assign: An organization role was assigned to a user or team.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, organization_role_id, organization_role_name, created_at, operation_type, actor_is_bot
Référence: About custom organization roles

organization_role.create: A custom organization role was created in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, owner, role_permissions, base_role, created_at, operation_type, actor_is_bot
Référence: About custom organization roles

organization_role.destroy: A custom organization role was deleted in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, owner, role_permissions, base_role, created_at, operation_type
Référence: About custom organization roles

organization_role.revoke: A user or team was unassigned an organization role.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, organization_role_id, organization_role_name, created_at, operation_type
Référence: About custom organization roles

organization_role.update: A custom organization role was edited in an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, owner, role_permissions, base_role, old_role_permissions, created_at, operation_type, actor_is_bot, old_base_role
Référence: About custom organization roles

packages

packages.package_deleted: An entire package was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, package, operation_type, created_at, actor_is_bot
Référence: /packages/learn-github-packages/deleting-and-restoring-a-package

packages.package_published: A package was published or republished to an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, package, ecosystem, version_count, is_republished, operation_type, created_at, actor_is_bot

packages.package_version_deleted: A specific package version was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, package, version, operation_type, created_at, ecosystem, actor_is_bot
Référence: /packages/learn-github-packages/deleting-and-restoring-a-package

packages.package_version_published: A specific package version was published or republished to a package.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, ecosystem, package, version, is_republished, operation_type, created_at, actor_is_bot

pages_protected_domain

pages_protected_domain.create: A GitHub Pages verified domain was created for an organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
Référence: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

pages_protected_domain.delete: A GitHub Pages verified domain was deleted from an organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
Référence: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

pages_protected_domain.verify: A GitHub Pages domain was verified for an organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, owner_type, domain, state, created_at, operation_type
Référence: /pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

payment_method

payment_method.create: A new payment method was added, such as a new credit card or PayPal account.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

payment_method.remove: A payment method was removed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

payment_method.update: An existing payment method was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

personal_access_token

personal_access_token.access_granted: A fine-grained personal access token was granted access to resources.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type
Référence: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.access_revoked: A fine-grained personal access token was revoked. The token can still read public organization resources.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type
Référence: /organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization

personal_access_token.request_cancelled: A pending request for a fine-grained personal access token to access organization resources was canceled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id

personal_access_token.request_created: Triggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_id, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id
Référence: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

personal_access_token.request_denied: A request for a fine-grained personal access token to access organization resources was denied.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, user_programmatic_access_name, repository_selection, created_at, operation_type, user_programmatic_access_request_id
Référence: /organizations/managing-programmatic-access-to-your-organization/managing-requests-for-personal-access-tokens-in-your-organization

prebuild_configuration

prebuild_configuration.create: A GitHub Codespaces prebuild configuration for a repository was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, branch, created_at, operation_type, public_repo
Référence: /codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

prebuild_configuration.destroy: A GitHub Codespaces prebuild configuration for a repository was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, branch, created_at, operation_type, public_repo
Référence: /codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

prebuild_configuration.run_triggered: A user initiated a run of a GitHub Codespaces prebuild configuration for a repository branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, branch, created_at, operation_type, public_repo
Référence: /codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

prebuild_configuration.update: A GitHub Codespaces prebuild configuration for a repository was edited.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, branch, created_at, operation_type, public_repo
Référence: /codespaces/prebuilding-your-codespaces/about-github-codespaces-prebuilds

private_repository_forking

private_repository_forking.clear: An enterprise owner cleared the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

private_repository_forking.disable: An enterprise owner disabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are never allowed to be forked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

private_repository_forking.enable: An enterprise owner enabled the policy setting for allowing forks of private and internal repositories, for a repository, organization or enterprise. Private and internal repositories are always allowed to be forked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

profile_picture

profile_picture.update: A profile picture was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, owner, operation_type
Référence: Personalize your profile

project

project.access: A project board visibility was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.close: A project board was closed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, project_id, project_kind
Référence: Closing a project (classic)

project.create: A project board was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.delete: A project board was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.link: A repository was linked to a project board.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.open: A project board was reopened.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, operation_type, created_at, project_kind, project_name
Référence: Reopening a closed project (classic)

project.rename: A project board was renamed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, old_name, operation_type

project.unlink: A repository was unlinked from a project board.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.update_org_permission: The project's base-level permission for all organization members was changed or removed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.update_team_permission: A team's project board permission level was changed or when a team was added or removed from a project board.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, team

project.update_user_permission: A user was added to or removed from a project board or had their permission level changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

project.visibility_private: A project's visibility was changed from public to private.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, created_at, operation_type, project_kind, project_name

project.visibility_public: A project's visibility was changed from private to public.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, project_id, created_at, operation_type, project_kind, project_name

project_collaborator

project_collaborator.add: A collaborator was added to a project.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, collaborator_type, collaborator, created_at, operation_type, actor_is_bot, public_project, project_name, project_role, old_project_role

project_collaborator.remove: A collaborator was removed from a project.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, collaborator_type, collaborator, created_at, operation_type

project_collaborator.update: A project collaborator's permission level was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_project, project_name, collaborator_type, project_role, old_project_role, project_id, collaborator, created_at, operation_type

project_field

project_field.create: A field was created in a project board.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /issues/planning-and-tracking-with-projects/understanding-fields

project_field.delete: A field was deleted in a project board.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /issues/planning-and-tracking-with-projects/understanding-fields/deleting-custom-fields

project_view

project_view.create: A view was created in a project board.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

project_view.delete: A view was deleted in a project board.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views

protected_branch

protected_branch.authorized_users_teams: The users, teams, or integrations allowed to bypass a branch protection were changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, operation_type, oauth_application_id
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches

protected_branch.branch_allowances: A protected branch allowance was given to a specific user, team or integration.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, authorized_actors, policy, public_repo, created_at, operation_type

protected_branch.create: Branch protection was enabled on a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, created_at, authorized_actor_names, required_deployments_enforcement_level, merge_queue_enforcement_level, create_protected

protected_branch.destroy: Branch protection was disabled on a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at, required_deployments_enforcement_level, merge_queue_enforcement_level, create_protected

protected_branch.dismiss_stale_reviews: Enforcement of dismissing stale pull requests was updated on a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, dismiss_stale_reviews_on_push, created_at, operation_type, name

protected_branch.dismissal_restricted_users_teams: Enforcement of restricting users and/or teams who can dismiss reviews was updated on a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, authorized_actors_only, authorized_actors, created_at, name, operation_type

protected_branch.policy_override: A branch protection requirement was overridden by a repository administrator.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, reasons, before, after, operation_type, branch, overridden_codes, referrer, deploy_key_fingerprint, compliant_pull_request_ids, rule_suite_id

protected_branch.rejected_ref_update: A branch update attempt was rejected.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, branch, before, overridden_codes, after, reasons, deploy_key_fingerprint, compliant_pull_request_ids, actor_is_bot, rule_suite_id

protected_branch.update_admin_enforced: Branch protection was enforced for repository administrators.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, admin_enforced, operation_type, name, created_at

protected_branch.update_allow_deletions_enforcement_level: Branch deletion was enabled or disabled for a protected branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, allow_deletions_enforcement_level, created_at

protected_branch.update_allow_force_pushes_enforcement_level: Force pushes were enabled or disabled for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, allow_force_pushes_enforcement_level, created_at

protected_branch.update_ignore_approvals_from_contributors: Ignoring of approvals from contributors to a pull request was enabled or disabled for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, ignore_approvals_from_contributors, public_repo, created_at, operation_type
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule

protected_branch.update_linear_history_requirement_enforcement_level: Required linear commit history was enabled or disabled for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, linear_history_requirement_enforcement_level, name, created_at

protected_branch.update_lock_allows_fetch_and_merge: Fork syncing was enabled or disabled for a read-only branch
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, lock_allows_fetch_and_merge, public_repo, created_at, operation_type
Référence: repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch

protected_branch.update_lock_branch_enforcement_level: The enforcement of a branch lock was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, enforcement_level, lock_branch_enforcement_level, public_repo, created_at, operation_type
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch

protected_branch.update_merge_queue_enforcement_level: Enforcement of the merge queue was modified for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, merge_queue_enforcement_level, public_repo, created_at, operation_type
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-merge-queue

protected_branch.update_name: A branch name pattern was updated for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, old_name, operation_type, created_at, public_repo

protected_branch.update_pull_request_reviews_enforcement_level: Enforcement of required pull request reviews was updated for a branch. Can be 0 (deactivated), 1 (non-admins), or 2 (everyone).
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, pull_request_reviews_enforcement_level, created_at, operation_type

protected_branch.update_require_code_owner_review: Enforcement of required code owner review was updated for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, require_code_owner_review, operation_type, name

protected_branch.update_require_last_push_approval: Someone other than the person who pushed the last code-modifying commit to the branch must approve pull requests for the branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, require_last_push_approval, public_repo, created_at, operation_type
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging

protected_branch.update_required_approving_review_count: Enforcement of the required number of approvals before merging was updated on a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, required_approving_review_count, created_at, operation_type, name

protected_branch.update_required_status_checks_enforcement_level: Enforcement of required status checks was updated for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, operation_type, created_at, required_status_checks_enforcement_level

protected_branch.update_signature_requirement_enforcement_level: Enforcement of required commit signing was updated for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, name, created_at, signature_requirement_enforcement_level

protected_branch.update_strict_required_status_checks_policy: Enforcement of required status checks was updated for a branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, operation_type, strict_required_status_checks_policy

public_key

public_key.create: An SSH key was added to a user account or a deploy key was added to a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, read_only, operation_type, created_at, key, fingerprint, title
Référence: /authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account

public_key.delete: An SSH key was removed from a user account or a deploy key was removed from a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, fingerprint, read_only, explanation, key, operation_type, title, created_at
Référence: /authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys

public_key.unverification_failure: A user account's SSH key or a repository's deploy key was unable to be unverified.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, key, fingerprint, read_only, created_at, operation_type
Référence: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.unverify: A user account's SSH key or a repository's deploy key was unverified.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, title, key, read_only, explanation, fingerprint
Référence: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.update: A user account's SSH key or a repository's deploy key was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, fingerprint, read_only, operation_type, created_at, title
Référence: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.verification_failure: A user account's SSH key or a repository's deploy key was unable to be verified.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, fingerprint, oauth_application_id, title, created_at, read_only, operation_type
Référence: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

public_key.verify: A user account's SSH key or a repository's deploy key was verified.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, key, fingerprint, title, read_only
Référence: /authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys

pull_request

pull_request.close: A pull request was closed without being merged.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, operation_type, created_at, pull_request_url, actor_is_bot
Référence: /pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request

pull_request.converted_to_draft: A pull request was converted to a draft.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, operation_type, created_at, pull_request_url
Référence: /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft

pull_request.create: A pull request was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, operation_type, created_at, pull_request_url, actor_is_bot, actor_is_agent
Référence: /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request

pull_request.create_review_request: A review was requested on a pull request.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, reviewer_type, reviewer, reviewer_id, operation_type, created_at, pull_request_url, actor_is_agent
Référence: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews

pull_request.in_progress: A pull request was marked as in progress.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, operation_type, created_at

pull_request.indirect_merge: A pull request was considered merged because the pull request's commits were merged into the target branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, operation_type, created_at, pull_request_url

pull_request.merge: A pull request was merged.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, operation_type, created_at, pull_request_url, actor_is_bot
Référence: /pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request

pull_request.ready_for_review: A pull request was marked as ready for review.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, operation_type, created_at, pull_request_url
Référence: /pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review

pull_request.rebase: A pull request was rebased.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, pull_request_url, pull_request_title, public_repo, created_at, operation_type

pull_request.remove_review_request: A review request was removed from a pull request.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, reviewer_type, reviewer, reviewer_id, operation_type, created_at, pull_request_url
Référence: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews

pull_request.reopen: A pull request was reopened after previously being closed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, operation_type, created_at, pull_request_url

pull_request_review_comment

pull_request_review_comment.create: A review comment was added to a pull request.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, comment_id, operation_type, created_at, actor_is_agent
Référence: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews

pull_request_review_comment.delete: A review comment on a pull request was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, comment_id, operation_type

pull_request_review_comment.update: A review comment on a pull request was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, comment_id

pull_request_review

pull_request_review.delete: A review on a pull request was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, review_id, operation_type, created_at, pull_request_url

pull_request_review.dismiss: A review on a pull request was dismissed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, review_id, operation_type, created_at, pull_request_url
Référence: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review

pull_request_review.submit: A review on a pull request was submitted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, pull_request_id, review_id, operation_type, created_at, pull_request_url, actor_is_agent
Référence: /pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request#submitting-your-review

repo

repo.access: The visibility of a repository changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility, previous_visibility
Référence: /repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility

repo.actions_enabled: GitHub Actions was enabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api

repo.add_member: A collaborator was added to a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, created_at, operation_type, oauth_application_id
Référence: Inviting collaborators to a personal repository

repo.add_topic: A topic was added to a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, topic, created_at, operation_type
Référence: /repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics

repo.advanced_security_disabled: GitHub Advanced Security was disabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, actor_is_bot
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository

repo.advanced_security_enabled: GitHub Advanced Security was enabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, public_repo, actor_is_bot
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository

repo.archived: A repository was archived.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, visibility
Référence: /repositories/archiving-a-github-repository

repo.change_merge_setting: Pull request merge options were changed for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, operation_type, public_repo, actor_is_bot

repo.code_scanning_analysis_deleted: Code scanning analysis for a repository was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, created_at, public_repo, tool, category
Référence: /rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository

repo.code_scanning_autofix_disabled: Autofix for code scanning alerts was disabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot

repo.code_scanning_autofix_enabled: Autofix for code scanning alerts was enabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot

repo.code_scanning_configuration_for_branch_deleted: A code scanning configuration for a branch of a repository was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, tool, branch, category, public_repo, created_at, operation_type
Référence: Resolving code scanning alerts

repo.codeql_disabled: Code scanning using the default setup was disabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type
Référence: Configuring default setup for code scanning

repo.codeql_enabled: Code scanning using the default setup was enabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, query_suite, threat_model, languages
Référence: Configuring default setup for code scanning

repo.codeql_updated: Code scanning using the default setup was updated for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, query_suite, threat_model, languages, public_repo, created_at, operation_type, actor_is_bot
Référence: Configuring default setup for code scanning

repo.codespaces_trusted_repo_access_granted: GitHub Codespaces was granted trusted repository access to this repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, public_repo

repo.codespaces_trusted_repo_access_revoked: GitHub Codespaces trusted repository access to this repository was revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

repo.config.disable_collaborators_only: The interaction limit for collaborators only was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.disable_contributors_only: The interaction limit for prior contributors only was disabled in a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.disable_sockpuppet_disallowed: The interaction limit for existing users only was disabled in a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_collaborators_only: The interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, created_at, operation_type
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_contributors_only: The interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.config.enable_sockpuppet_disallowed: The interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

repo.configure_self_hosted_jit_runner: A new just-in-time GitHub Actions self-hosted runner was configured
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, public_repo, created_at, operation_type
Référence: /rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-a-repository

repo.create: A repository was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, request_category, created_at, oauth_application_id, request_method, public_repo, actor_is_bot
Référence: /repositories/creating-and-managing-repositories/creating-a-new-repository

repo.create_actions_secret: A GitHub Actions secret was created for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, operation_type, created_at
Référence: Using secrets in GitHub Actions

repo.create_actions_variable: A GitHub Actions variable was created for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, public_repo, created_at, operation_type
Référence: Store information in variables

repo.create_integration_secret: A Codespaces or Dependabot secret was created for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, operation_type, created_at, public_repo

repo.destroy: A repository was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, request_category, visibility, created_at, request_method, oauth_application_id, actor_is_bot
Référence: /repositories/creating-and-managing-repositories/deleting-a-repository

repo.download_zip: A source code archive of a repository was downloaded as a ZIP file.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, created_at, operation_type, public_repo, actor_is_bot
Référence: /repositories/working-with-files/using-files/downloading-source-code-archives

repo.pages_cname: A GitHub Pages custom domain was modified in a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, cname, created_at, operation_type, old_cname

repo.pages_create: A GitHub Pages site was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_destroy: A GitHub Pages site was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, visibility, operation_type

repo.pages_https_redirect_disabled: HTTPS redirects were disabled for a GitHub Pages site.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_https_redirect_enabled: HTTPS redirects were enabled for a GitHub Pages site.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, visibility, operation_type

repo.pages_private: A GitHub Pages site visibility was changed to private.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_public: A GitHub Pages site visibility was changed to public.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at

repo.pages_soft_delete: A GitHub Pages site was soft-deleted because its owner's plan changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type

repo.pages_soft_delete_restore: A GitHub Pages site that was previously soft-deleted was restored.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type

repo.pages_source: A GitHub Pages source was modified.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, visibility, created_at

repo.register_self_hosted_runner: A new self-hosted runner was registered.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Adding self-hosted runners

repo.remove_actions_secret: A GitHub Actions secret was deleted for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, operation_type, created_at
Référence: Using secrets in GitHub Actions

repo.remove_actions_variable: A GitHub Actions variable was deleted for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, public_repo, created_at, operation_type
Référence: Store information in variables

repo.remove_integration_secret: A Codespaces or Dependabot secret was deleted for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, integration, operation_type, created_at, public_repo

repo.remove_member: A collaborator was removed from a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, visibility
Référence: Removing a collaborator from a personal repository

repo.remove_self_hosted_runner: A self-hosted runner was removed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Removing self-hosted runners

repo.remove_topic: A topic was removed from a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, topic, operation_type, created_at

repo.rename: A repository was renamed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_name, created_at, operation_type, visibility
Référence: /repositories/creating-and-managing-repositories/renaming-a-repository

repo.rename_branch: A branch was renamed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_branch, new_branch, default_branch, operation_type, created_at, public_repo, actor_is_bot
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch

repo.self_hosted_runner_offline: The runner application was stopped. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_id, runner_name, operation_type, created_at
Référence: Monitoring and troubleshooting self-hosted runners

repo.self_hosted_runner_online: The runner application was started. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_id, runner_name, operation_type, created_at
Référence: Monitoring and troubleshooting self-hosted runners

repo.self_hosted_runner_updated: The runner application was updated. This event is not included in the JSON/CSV export.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, runner_id, runner_name, source_version, target_version, runner_group_id, runner_group_name
Référence: Self-hosted runners

repo.set_actions_fork_pr_approvals_policy: The setting for requiring approvals for workflows from public forks was changed for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, created_at, operation_type, public_repo
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks

repo.set_actions_private_fork_pr_approvals_policy: The policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, public_repo, created_at, operation_type
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories

repo.set_actions_retention_limit: The retention period for GitHub Actions artifacts and logs in a repository was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, limit, operation_type, created_at
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository

repo.set_default_workflow_permissions: The default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository

repo.set_fork_pr_workflows_policy: Triggered when the policy for workflows on private repository forks is changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, operation_type, created_at
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks

repo.set_workflow_permission_can_approve_pr: The policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, public_repo, created_at, operation_type
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests

repo.staff_unlock: An enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repo.transfer: A user accepted a request to receive a transferred repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, old_user, operation_type, created_at, visibility, repo_was
Référence: /repositories/creating-and-managing-repositories/transferring-a-repository

repo.transfer_outgoing: A repository was transferred to another repository network.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, new_nwo, visibility, created_at, operation_type, public_repo

repo.transfer_start: A user sent a request to transfer a repository to another user or organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility

repo.unarchived: A repository was unarchived.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, visibility
Référence: /repositories/archiving-a-github-repository

repo.update_actions_access_settings: The setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, policy, old_policy, created_at, operation_type

repo.update_actions_secret: A GitHub Actions secret was updated for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, key, operation_type, created_at
Référence: Using secrets in GitHub Actions

repo.update_actions_settings: A repository administrator changed GitHub Actions policy settings for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, new_policy, old_policy, updated_access_policy, actor_is_bot

repo.update_actions_variable: A GitHub Actions variable was updated for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, public_repo, created_at, operation_type
Référence: Store information in variables

repo.update_default_branch: The default branch for a repository was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, visibility, operation_type, created_at, actor_is_bot

repo.update_integration_secret: A Codespaces or Dependabot secret was updated for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, key, visibility, integration, operation_type, created_at, public_repo

repo.update_member: A user's permission to a repository was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, oauth_application_id, operation_type, visibility, old_permission, old_base_role, old_repo_permission, old_repo_base_role, new_repo_base_role, new_repo_permission, actor_is_bot

repository_advisory

repository_advisory.close: Someone closed a security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: About repository security advisories

repository_advisory.cve_request: Someone requested a CVE (Common Vulnerabilities and Exposures) number from GitHub for a draft security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

repository_advisory.github_broadcast: GitHub made a security advisory public in the GitHub Advisory Database.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, public_repo

repository_advisory.github_withdraw: GitHub withdrew a security advisory that was published in error.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repository_advisory.open: Someone opened a draft security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

repository_advisory.publish: Someone published a security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

repository_advisory.reopen: Someone reopened as draft security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, public_repo

repository_advisory.update: Someone edited a draft or published security advisory.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repository_branch_protection_evaluation

repository_branch_protection_evaluation.disable: Branch protections were disabled for the repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule

repository_branch_protection_evaluation.enable: Branch protections were enabled for this repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule

repository_content_analysis

repository_content_analysis.disable: Data use settings were disabled for a private repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories

repository_content_analysis.enable: Data use settings were enabled for a private repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories

repository_dependency_graph

repository_dependency_graph.disable: The dependency graph was disabled for a private repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-fea, tures-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories

repository_dependency_graph.enable: The dependency graph was enabled for a private repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo, actor_is_bot

repository_image

repository_image.create: An image to represent a repository was uploaded.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, content_type

repository_image.destroy: An image to represent a repository was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, content_type, created_at, operation_type

repository_invitation

repository_invitation.accept: An invitation to join a repository was accepted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, invitee, operation_type, inviter

repository_invitation.cancel: An invitation to join a repository was canceled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, inviter, operation_type, invitee, created_at

repository_invitation.create: An invitation to join a repository was sent.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, invitee, inviter, created_at, operation_type

repository_invitation.reject: An invitation to join a repository was declined.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, invitee, operation_type, created_at, inviter

repository_projects_change

repository_projects_change.clear: The repository projects policy was removed for an organization, or all organizations in the enterprise Organization owners can now control their repository projects settings.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Enforcing policies for projects in your enterprise

repository_projects_change.disable: Repository projects were disabled for a repository, all repositories in an organization, or all organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repository_projects_change.enable: Repository projects were enabled for a repository, all repositories in an organization, or all organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repository_ruleset

repository_ruleset.create: A repository ruleset was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_conditions, ruleset_bypass_actors
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository

repository_ruleset.destroy: A repository ruleset was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules, ruleset_bypass_actors
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#deleting-a-ruleset

repository_ruleset.update: A repository ruleset was edited.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, old_name, public_repo, created_at, operation_type, ruleset_id, ruleset_name, ruleset_enforcement, ruleset_source_type, ruleset_rules_updated, ruleset_conditions_added, ruleset_conditions_deleted, ruleset_old_enforcement, ruleset_rules_added, ruleset_rules_deleted, ruleset_old_name, ruleset_conditions_updated, ruleset_bypass_actors_added, ruleset_bypass_actors_deleted, ruleset_bypass_actors_updated, actor_is_bot
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/managing-rulesets-for-a-repository#editing-a-ruleset

repository_secret_scanning_automatic_validity_checks

repository_secret_scanning_automatic_validity_checks.disabled: Automatic partner validation checks have been disabled at the repository level
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository

repository_secret_scanning_automatic_validity_checks.enabled: Automatic partner validation checks have been enabled at the repository level
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository

repository_secret_scanning_custom_pattern

repository_secret_scanning_custom_pattern.create: A custom pattern was created for secret scanning in a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo
Référence: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern.delete: A custom pattern was removed from secret scanning in a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo
Référence: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern.publish: A custom pattern was published for secret scanning in a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot
Référence: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern.update: Changes to a custom pattern were saved and a dry run was executed for secret scanning in a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo
Référence: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern_push_protection

repository_secret_scanning_custom_pattern_push_protection.disabled: Push protection for a custom pattern for secret scanning was disabled for your repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type
Référence: Defining custom patterns for secret scanning

repository_secret_scanning_custom_pattern_push_protection.enabled: Push protection for a custom pattern for secret scanning was enabled for your repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot
Référence: Defining custom patterns for secret scanning

repository_secret_scanning

repository_secret_scanning.disable: Secret scanning was disabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo
Référence: About secret scanning

repository_secret_scanning.enable: Secret scanning was enabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repository_secret_scanning_generic_secrets

repository_secret_scanning_generic_secrets.disabled: Generic secrets have been disabled at the repository level
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot

repository_secret_scanning_generic_secrets.enabled: Generic secrets have been enabled at the repository level
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot

repository_secret_scanning_non_provider_patterns

repository_secret_scanning_non_provider_patterns.disabled: Secret scanning for non-provider patterns was disabled at the repository level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot
Référence: Supported secret scanning patterns

repository_secret_scanning_non_provider_patterns.enabled: Secret scanning for non-provider patterns was enabled at the repository level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot
Référence: Supported secret scanning patterns

repository_secret_scanning_push_protection_bypass_list

repository_secret_scanning_push_protection_bypass_list.add: A role or team was added to the push protection bypass list at the repository level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type
Référence: About push protection

repository_secret_scanning_push_protection_bypass_list.disable: Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Specific roles or teams" to "Anyone with write access" at the repository level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot
Référence: About push protection

repository_secret_scanning_push_protection_bypass_list.enable: Push protection settings for "Users who can bypass push protection for secret scanning" changed from "Anyone with write access" to "Specific roles or teams" at the repository level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot
Référence: About push protection

repository_secret_scanning_push_protection_bypass_list.remove: A role or team was removed from the push protection bypass list at the repository level.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type
Référence: About push protection

repository_secret_scanning_push_protection

repository_secret_scanning_push_protection.disable: Secret scanning push protection was disabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo
Référence: About push protection

repository_secret_scanning_push_protection.enable: Secret scanning push protection was enabled for a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo
Référence: About push protection

repository_security_configuration

repository_security_configuration.applied: A code security configuration was applied to a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, public_repo, created_at, operation_type, actor_is_bot

repository_security_configuration.failed: A code security configuration failed to attach to the repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, security_configuration_id, security_configuration_name, repository_security_configuration_failure_reason, public_repo, created_at, operation_type, actor_is_bot

repository_security_configuration.removed: A code security configuration was removed from a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, public_repo, created_at, operation_type, actor_is_bot

repository_security_configuration.removed_by_settings_change: A code security configuration was removed due to a change in repository or enterprise settings.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, security_configuration_id, security_configuration_name, repository_security_configuration_state, repository_security_configuration_failure_reason, public_repo, created_at, operation_type, actor_is_bot

repository_visibility_change

repository_visibility_change.clear: The repository visibility change setting was cleared for an organization or enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: /organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization, Enforcing repository management policies in your enterprise

repository_visibility_change.disable: The ability for enterprise members to update a repository's visibility was disabled. Members are unable to change repository visibilities in an organization, or all organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repository_visibility_change.enable: The ability for enterprise members to update a repository's visibility was enabled. Members are able to change repository visibilities in an organization, or all organizations in an enterprise.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

repository_vulnerability_alert

repository_vulnerability_alert.auto_dismiss: A Dependabot alert was automatically dismissed because its metadata matches an enabled Dependabot rule.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, alert_id, alert_number, ghsa_id, public_repo, owner, created_at, operation_type, vulnerability_alert_rule_id, vulnerability_alert_rule_name
Référence: About Dependabot auto-triage rules

repository_vulnerability_alert.auto_reopen: A previously auto-dismissed Dependabot alert was automatically reopened because its metadata no longer matches an enabled Dependabot rule.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, alert_id, alert_number, ghsa_id, public_repo, owner, created_at, operation_type, vulnerability_alert_rule_id, vulnerability_alert_rule_name
Référence: About Dependabot auto-triage rules

repository_vulnerability_alert.create: GitHub created a Dependabot alert because the repository uses a vulnerable dependency.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, alert_id, created_at, alert_number
Référence: About Dependabot alerts

repository_vulnerability_alert.dismiss: A Dependabot alert was manually dismissed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, alert_id, created_at, dismiss_reason, dismiss_comment, alert_number, actor_is_bot

repository_vulnerability_alert.reintroduce: A Dependabot alert was automatically reopened because the repository resumed use of a vulnerable dependency.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, alert_id, created_at, public_repo, owner, operation_type, alert_number

repository_vulnerability_alert.reopen: A Dependabot alert was manually reopened.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, alert_id, created_at, owner, operation_type, public_repo, alert_number

repository_vulnerability_alert.resolve: Changes were pushed to update and resolve a Dependabot alert in a project dependency.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, alert_id, operation_type, created_at, alert_number

repository_vulnerability_alerts

repository_vulnerability_alerts.authorized_users_teams: The list of people or teams authorized to receive Dependabot alerts for the repository was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: /repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts

repository_vulnerability_alerts.disable: Dependabot alerts was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type

repository_vulnerability_alerts.enable: Dependabot alerts was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, actor_is_bot

repository_vulnerability_alerts_auto_dismissal

repository_vulnerability_alerts_auto_dismissal.disable: Automatic dismissal of low-impact Dependabot alerts was disabled for the repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type

repository_vulnerability_alerts_auto_dismissal.enable: Automatic dismissal of low-impact Dependabot alerts was enabled for the repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, created_at, operation_type, actor_is_bot

required_status_check

required_status_check.create: A status check was marked as required for a protected branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, context, operation_type, created_at
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging

required_status_check.destroy: A status check was no longer marked as required for a protected branch.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, context, operation_type
Référence: /repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging

restrict_notification_delivery

restrict_notification_delivery.disable: Email notification restrictions for an organization or enterprise were disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, operation_type, created_at
Référence: Restricting email notifications for your organization, Restricting email notifications for your enterprise

restrict_notification_delivery.enable: Email notification restrictions for an organization or enterprise were enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner, operation_type, created_at
Référence: Restricting email notifications for your organization, Restricting email notifications for your enterprise

role

role.create: A new custom repository role was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, owner, base_role, operation_type, role_permissions, old_role_permissions
Référence: Managing custom repository roles for an organization

role.destroy: A custom repository role was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, name, owner, role_permissions, base_role, operation_type
Référence: Managing custom repository roles for an organization

role.update: A custom repository role was edited.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, owner, role_permissions, base_role, operation_type, created_at, old_role_permissions, old_base_role
Référence: Managing custom repository roles for an organization

secret_scanning_alert

secret_scanning_alert.create: GitHub detected a secret and created a secret scanning alert.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, secret_type, secret_type_display_name, publicly_leaked, multi_repo
Référence: Manage secret scanning alerts

secret_scanning_alert.reopen: A secret scanning alert was reopened.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, public_repo, created_at, operation_type, secret_type_display_name

secret_scanning_alert.report: A leaked secret was reported to the secret's provider by secret scanning.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, secret_type, created_at, secret_type_display_name, secret_type_provider, report_result
Référence: Resolving alerts from secret scanning

secret_scanning_alert.resolve: A secret scanning alert was resolved.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, resolution, public_repo, created_at, operation_type, secret_type, secret_type_display_name, publicly_leaked, multi_repo

secret_scanning_alert.revoke: A secret scanning alert was revoked.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, public_repo, created_at, operation_type

secret_scanning_alert.validate: A secret scanning alert was validated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, created_at, previous_validity, current_validity, secret_type, secret_type_display_name, publicly_leaked, multi_repo
Référence: Manage secret scanning alerts

secret_scanning

secret_scanning.disable: Secret scanning was disabled for all existing repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: About secret scanning

secret_scanning.enable: Secret scanning was enabled for all existing repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About secret scanning

secret_scanning_new_repos

secret_scanning_new_repos.disable: Secret scanning was disabled for all new repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: About secret scanning

secret_scanning_new_repos.enable: Secret scanning was enabled for all new repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: About secret scanning

secret_scanning_push_protection

secret_scanning_push_protection.bypass: Triggered when a user bypasses the push protection on a secret detected by secret scanning.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, created_at, push_protection_bypass_reason, secret_type, secret_type_display_name, publicly_leaked, multi_repo, request_reviewer, request_reviewer_id
Référence: About push protection

secret_scanning_push_protection_request

secret_scanning_push_protection_request.approve: A request to bypass secret scanning push protection was approved by a user.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, public_repo, created_at, operation_type, actor_is_bot
Référence: About push protection

secret_scanning_push_protection_request.deny: A request to bypass secret scanning push protection was denied by a user.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, public_repo, created_at, operation_type, actor_is_bot, request_reviewer_comment
Référence: About push protection

secret_scanning_push_protection_request.request: A user requested to bypass secret scanning push protection.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, number, public_repo, created_at, operation_type, actor_is_bot
Référence: /code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line

security_configuration

security_configuration.create: A security configuration was created
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, created_at, operation_type, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_generic_secrets, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled, security_configuration_dependabot_delegated_alert_dismissal

security_configuration.delete: A security configuration was deleted
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, created_at, operation_type, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled, security_configuration_dependabot_delegated_alert_dismissal

security_configuration.update: A security configuration was updated
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, security_configuration_id, security_configuration_name, security_configuration_description, security_configuration_created_at, security_configuration_updated_at, security_configuration_enable_ghas, security_configuration_private_vulnerability_reporting, security_configuration_dependency_graph, security_configuration_dependabot_alerts, security_configuration_dependabot_security_updates, security_configuration_code_scanning, security_configuration_secret_scanning, security_configuration_secret_scanning_push_protection, security_configuration_secret_scanning_validity_checks, created_at, operation_type, actor_is_bot, security_configuration_dependency_graph_autosubmit_action, security_configuration_secret_scanning_non_provider_patterns, security_configuration_secret_scanning_delegated_bypass, security_configuration_secret_scanning_generic_secrets, security_configuration_secret_scanning_delegated_alert_dismissal, security_configuration_code_scanning_delegated_alert_dismissal, security_configuration_code_security_sku_enabled, security_configuration_secret_protection_sku_enabled, security_configuration_dependabot_delegated_alert_dismissal

security_configuration_default

security_configuration_default.delete: A default security configuration setting for new repositories was removed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, default_for_new_private_repos, default_for_new_public_repos, security_configuration_name, created_at, operation_type, actor_is_bot

security_configuration_default.update: A default security configuration setting for new repositories was updated.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, default_for_new_private_repos, default_for_new_public_repos, security_configuration_name, created_at, operation_type, actor_is_bot

security_configuration_policy

security_configuration_policy.update: A security configuration policy was updated
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, enforcement, security_configuration_name, created_at, operation_type

ssh_certificate_authority

ssh_certificate_authority.create: An SSH certificate authority for an organization or enterprise was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, fingerprint, operation_type, openssh_public_key, created_at
Référence: Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

ssh_certificate_authority.destroy: An SSH certificate authority for an organization or enterprise was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, fingerprint, operation_type, openssh_public_key
Référence: Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

ssh_certificate_requirement

ssh_certificate_requirement.disable: The requirement for members to use SSH certificates to access an organization resources was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

ssh_certificate_requirement.enable: The requirement for members to use SSH certificates to access an organization resources was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at
Référence: Managing your organization's SSH certificate authorities, Enforcing policies for security settings in your enterprise

staff

staff.dependabot_debug_credentials_generated: Dependabot encrypted config was read.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type, public_repo

staff.set_domain_token_expiration: The verification code expiry time for an organization or enterprise domain was set.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, owner_type, domain_name, token_expires_at, owner, operation_type, created_at

staff.unverify_domain: An organization or enterprise domain was unverified.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, owner_type, domain_name, owner, operation_type

staff.verify_domain: An organization or enterprise domain was verified.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, domain_name, operation_type, created_at

sub_issues

sub_issues.parent_issue_add: A parent issue was added to an issue.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.parent_issue_remove: A parent issue was removed from an issue.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.sub_issue_add: A sub-issue was added to an issue.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

sub_issues.sub_issue_remove: A sub-issue was removed from an issue.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, title, public_repo, created_at, operation_type, actor_is_bot

team

team.add_member: A member of an organization was added to a team.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, team, created_at, operation_type, team_type
Référence: /organizations/organizing-members-into-teams/adding-organization-members-to-a-team

team.add_repository: A team was given access and permissions to a repository.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, team, operation_type, created_at, actor_is_bot

team.change_parent_team: A child team was created or a child team's parent was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, team, operation_type
Référence: /organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy

team.change_privacy: A team's privacy level was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, team, created_at, operation_type, team_type
Référence: /organizations/organizing-members-into-teams/changing-team-visibility

team.create: A new team is created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, oauth_application_id, operation_type, team, created_at, team_type

team.demote_maintainer: A user was demoted from a team maintainer to a team member.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, team, operation_type, created_at
Référence: /organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member

team.destroy: A team was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, team, operation_type, team_type

team.promote_maintainer: A user was promoted from a team member to a team maintainer.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, team, operation_type, created_at
Référence: /organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member#promoting-an-organization-member-to-team-maintainer

team.remove_member: An organization member was removed from a team.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, team, team_type
Référence: /organizations/organizing-members-into-teams/removing-organization-members-from-a-team

team.remove_repository: A repository was removed from a team's control.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, team, operation_type

team.rename: A team's name was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, name, created_at, team, operation_type, team_type

team.update_repository_permission: A team's permission to a repository was changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, team, old_permission, operation_type, created_at, permission, new_repo_permission, new_repo_base_role, old_repo_permission, old_repo_base_role

team_sync_tenant

team_sync_tenant.disabled: Team synchronization with a tenant was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise

team_sync_tenant.enabled: Team synchronization with a tenant was enabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, operation_type
Référence: Managing team synchronization for your organization, Managing team synchronization for organizations in your enterprise

team_sync_tenant.update_okta_credentials: The Okta credentials for team synchronization with a tenant were changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at

vulnerability_alert_rule

vulnerability_alert_rule.create: A Dependabot rule was created.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, vulnerability_alert_rule_id, vulnerability_alert_rule_name, created_at, operation_type

vulnerability_alert_rule.delete: A Dependabot rule was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, vulnerability_alert_rule_id, vulnerability_alert_rule_name, created_at, operation_type

vulnerability_alert_rule.disable: A Dependabot rule was disabled for a single repository or disabled by default for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, vulnerability_alert_rule_id, vulnerability_alert_rule_name, public_repo, created_at, operation_type

vulnerability_alert_rule.enable: A Dependabot rule was enabled for a single repository or enabled by default for an organization.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, vulnerability_alert_rule_id, vulnerability_alert_rule_name, public_repo, created_at, operation_type

vulnerability_alert_rule.force_disable: A Dependabot rule was enabled for an organization and cannot be disabled for its repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, vulnerability_alert_rule_id, vulnerability_alert_rule_name, created_at, operation_type

vulnerability_alert_rule.force_enable: A Dependabot rule was disabled for an organization and cannot be enabled for its repositories.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, vulnerability_alert_rule_id, vulnerability_alert_rule_name, created_at, operation_type

vulnerability_alert_rule.update: A Dependabot rule's conditions, actions, or metadata changed.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, vulnerability_alert_rule_id, vulnerability_alert_rule_name, created_at, operation_type

workflows

workflows.approve_workflow_job: A workflow job was approved.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_run_id, run_number, operation_type, created_at, public_repo
Référence: Reviewing deployments

workflows.cancel_workflow_run: A workflow run was cancelled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, run_number, cancelled_at, workflow_id, operation_type, trigger_id, public_repo
Référence: Canceling a workflow run

workflows.completed_workflow_run: A workflow status changed to completed. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, completed_at, conclusion, run_number, workflow_id, operation_type, trigger_id, run_attempt, actor_is_bot, actor_is_agent
Référence: Viewing workflow run history

workflows.created_workflow_run: A workflow run was create. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, workflow_id, operation_type, trigger_id, public_repo, actor_is_bot, actor_is_agent
Référence: Understanding GitHub Actions

workflows.delete_workflow_run: A workflow run was deleted.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, operation_type, created_at, workflow_run_id, started_at, head_branch, head_sha, trigger_id
Référence: Deleting a workflow run

workflows.disable_workflow: A workflow was disabled.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_id, operation_type, created_at, public_repo, actor_is_bot

workflows.enable_workflow: A workflow was enabled, after previously being disabled by disable_workflow.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_id, operation_type, created_at, public_repo

workflows.pin_workflow: A workflow was pinned.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, workflow_id, created_at, operation_type, actor_is_bot

workflows.prepared_workflow_job: A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_run_id, job_name, runner_labels, is_hosted_runner, environment_name, secrets_passed, operation_type, created_at, runner_owner_type, job_workflow_ref, calling_workflow_refs, calling_workflow_shas, imposer_repo
Référence: Events that trigger workflows

workflows.reject_workflow_job: A workflow job was rejected.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, workflow_run_id, run_number, operation_type, created_at, public_repo
Référence: Reviewing deployments

workflows.rerun_workflow_run: A workflow run was re-run.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, created_at, started_at, event, name, workflow_run_id, head_branch, head_sha, run_number, workflow_id, operation_type, trigger_id, run_attempt, rerun_type, check_run_id, actor_is_bot
Référence: Re-running workflows and jobs

workflows.unpin_workflow: A workflow was unpinned after previously being pinned.
Fields: @timestamp, _document_id, action, actor, actor_id, business, business_id, hashed_token, org, org_id, programmatic_access_type, repo, repo_id, repository, repository_id, request_access_security_header, request_id, token_id, token_scopes, user, user_id, user_agent, public_repo, workflow_id, created_at, operation_type, actor_is_bot